Hi everyone, first off I would like to thank everyone for any help I can get, this has been a bit of a stubborn removal for me. I have even reformatted, and reinstalled windows but strangely, its still infected. any help, again is really appreciated. 
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Windows 7 infected with something [Solved]
Started by
leafaninottawa
, Jan 28 2014 11:55 AM
-
This topic is locked
32 replies to this topic
#1
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 28 January 2014 - 11:55 AM
Register to Remove
#2
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 30 January 2014 - 09:10 PM
Hi leafaninottawa,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
=========================
Security Check
Download Security Check by screen317 from here or here.
aswMBR
Download aswMBR.exe and save it to your desktop.
OTL
Download OTL to your desktop.
In your next post please provide the following:
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
- Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
Not sure how you can still be infected if you did a re-install, but follow the steps below, post the logs requested and give a description of what symptoms you are experiencing and we'll get to work to try and sort it out.I have even reformatted, and reinstalled windows but strangely, its still infected.
=========================
Security CheckDownload Security Check by screen317 from here or here.
- Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
aswMBRDownload aswMBR.exe and save it to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- When asked if you want to download Avast's virus definitions please select Yes.
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
OTLDownload OTL to your desktop.
- Make sure all other windows are closed and to let it run uninterrupted.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT - Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.
In your next post please provide the following:
- checkup.txt
- aswMBR.txt
- attach MBR.zip
- OTL.txt
- Extras.txt
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#3
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 31 January 2014 - 04:27 PM
TY for your assistance, I could not access the site to download security check, is there another link I could get it from?
#4
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 31 January 2014 - 05:03 PM
here is the aswMBR log.
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-31 17:29:25
-----------------------------
17:29:25.341 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:25.341 Number of processors: 2 586 0x1706
17:29:25.356 ComputerName: STEVE-PC UserName: Easyhome
17:29:26.482 Initialize success
17:45:17.239 AVAST engine defs: 14013101
17:45:45.215 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:45:45.222 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
17:45:45.403 Disk 0 MBR read successfully
17:45:45.411 Disk 0 MBR scan
17:45:45.426 Disk 0 Windows 7 default MBR code
17:45:45.443 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 244869 MB offset 2048
17:45:45.474 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 232068 MB offset 501493760
17:45:45.616 Disk 0 scanning C:\Windows\system32\drivers
17:46:05.967 Service scanning
17:46:37.122 Modules scanning
17:46:37.146 Disk 0 trace - called modules:
17:46:37.217 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:46:37.231 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058ed060]
17:46:37.244 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf8050]
17:46:38.014 AVAST engine scan C:\Windows
17:46:44.167 AVAST engine scan C:\Windows\system32
17:52:10.678 AVAST engine scan C:\Windows\system32\drivers
17:52:31.606 AVAST engine scan C:\Users\Easyhome
17:59:19.855 AVAST engine scan C:\ProgramData
18:01:31.612 Scan finished successfully
18:02:42.200 Disk 0 MBR has been saved successfully to "C:\Users\Easyhome\Desktop\MBR.dat"
18:02:42.208 The log file has been saved successfully to "C:\Users\Easyhome\Desktop\aswMBR.txt"
Attached Files
-
MBR.zip 555bytes
210 downloads
Edited by leafaninottawa, 31 January 2014 - 05:05 PM.
#5
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 31 January 2014 - 05:31 PM
OTL logfile created on: 31/01/2014 6:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.72% Memory free
7.99 Gb Paging File | 5.47 Gb Available in Paging File | 68.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.13 Gb Total Space | 170.91 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
Drive E: | 226.63 Gb Total Space | 31.28 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
Computer Name: STEVE-PC | User Name: Easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Easyhome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (.Net Main) -- C:\Windows\SysNative\idle-Threads.exe ()
SRV:64bit: - (.Net Security) -- C:\Windows\SysNative\latch-Threads.exe ()
SRV:64bit: - (.Net Crypt) -- C:\Windows\SysNative\mutex-Threads.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (AnviCsbSvc) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)
SRV - (VaultSvc) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (SamSs) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (ProtectedStorage) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (Netlogon) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (KeyIso) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (EFS) -- C:\Windows\SysWOW64\lsass.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (asdsrv) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (usbvox) -- C:\Windows\SysNative\Drivers\usbvox64.sys ()
DRV:64bit: - (scssifilter) -- C:\Windows\SysNative\drivers\scssifilter64.sys (Microsoft Corporation)
DRV:64bit: - (usbmp3) -- C:\Windows\SysNative\Drivers\usbmp364.sys ()
DRV:64bit: - (usbwav) -- C:\Windows\SysNative\Drivers\usbwav64.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (asdrs) -- C:\Windows\SysNative\drivers\asdrs.sys (Anvisoft)
DRV:64bit: - (asdrm) -- C:\Windows\SysNative\drivers\asdrm.sys (Anvisoft)
DRV:64bit: - (asdws) -- C:\Windows\SysNative\drivers\asdws.sys ()
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro )
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKCU\..\SearchScopes,DefaultScope = {A653A084-C13D-4DD2-A04B-87215BCE6F00}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA566
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A653A084-C13D-4DD2-A04B-87215BCE6F00}: "URL" = http://search.zoneal...Id=&ver=&&r=151
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Easyhome\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
[2013/12/14 08:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.ca/
CHR - Extension: Google Docs = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Easyhome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/12/25 09:35:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{578895BC-C9D1-48F0-A42C-C021DA8806F9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBCE5E1-F9F2-456C-ADCC-ACF0B81EAF13}: DhcpNameServer = 216.218.29.11 207.219.69.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32:64bit: msacm.l3acm - l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.X264 - x264vfw64.dll (x264vfw project)
Drivers32:64bit: VIDC.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/01/31 17:23:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
[2014/01/31 17:23:45 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2014/01/30 15:12:48 | 000,000,000 | R--D | C] -- C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2014/01/16 07:54:42 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\AppData\Local\ElevatedDiagnostics
[2014/01/16 05:40:34 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\AppData\Local\Diagnostics
[2014/01/10 14:18:25 | 000,000,000 | ---D | C] -- C:\Users\Easyhome\Desktop\backups
========== Files - Modified Within 30 Days ==========
[2014/01/31 18:10:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 18:04:59 | 000,000,555 | ---- | M] () -- C:\Users\Easyhome\Desktop\MBR.zip
[2014/01/31 18:02:42 | 000,000,512 | ---- | M] () -- C:\Users\Easyhome\Desktop\MBR.dat
[2014/01/31 17:24:50 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2014/01/31 17:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
[2014/01/31 17:22:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 17:11:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
[2014/01/31 04:42:34 | 002,626,514 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2014/01/31 04:42:34 | 000,000,124 | RH-- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2014/01/31 02:21:47 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 02:21:47 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 02:02:42 | 000,009,529 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/01/30 20:11:05 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
[2014/01/30 15:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 15:12:18 | 3217,272,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/29 08:41:54 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/28 14:23:57 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/28 14:23:57 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/28 14:23:57 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2014/01/31 18:04:59 | 000,000,555 | ---- | C] () -- C:\Users\Easyhome\Desktop\MBR.zip
[2014/01/31 18:02:42 | 000,000,512 | ---- | C] () -- C:\Users\Easyhome\Desktop\MBR.dat
[2014/01/28 14:31:03 | 002,227,226 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0917.JPG
[2014/01/28 14:31:03 | 002,065,003 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0916.JPG
[2014/01/28 14:29:44 | 200,488,374 | ---- | C] () -- C:\Users\Easyhome\Desktop\100_0919.MOV
[2013/12/23 15:15:30 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2013/12/23 15:15:30 | 000,000,800 | ---- | C] () -- C:\Windows\unins000.dat
[2013/12/16 23:06:50 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/12/16 23:06:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/12/16 23:06:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/12/16 23:06:48 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/12/16 23:06:47 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/12/14 10:23:25 | 000,660,257 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\census.cache
[2013/12/14 10:22:54 | 000,079,137 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\ars.cache
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/12/14 09:59:20 | 000,009,529 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/12/14 09:44:46 | 000,000,036 | ---- | C] () -- C:\Users\Easyhome\AppData\Local\housecall.guid.cache
[2013/12/13 17:31:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/13 17:31:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/13 17:31:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/13 17:31:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/13 17:31:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/21 20:52:44 | 000,001,639 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012/02/21 20:05:36 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/02/21 20:05:34 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
========== ZeroAccess Check ==========
[2009/07/14 03:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:47:52 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:47:08 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/25 22:26:42 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\Anvisoft
[2013/12/14 08:49:01 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\Check Point Software Technologies LTD
[2013/12/21 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\DAEMON Tools Lite
[2013/12/23 17:46:38 | 000,000,000 | ---D | M] -- C:\Users\Easyhome\AppData\Roaming\MPC-HC
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2009/07/14 04:35:48 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/07/13 20:48:04 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2012/02/21 20:52:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 22:41:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2012/02/21 20:52:06 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2012/02/21 21:17:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2012/02/21 20:52:06 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/21 20:52:08 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/21 21:14:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/21 20:52:06 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012/02/21 21:17:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2012/02/21 21:14:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/02/21 21:17:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2012/02/21 21:14:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 22:56:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2012/02/21 21:17:06 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2012/02/21 20:52:06 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012/02/21 21:14:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 04:35:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 04:35:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 04:35:50 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 04:35:50 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
< MD5 for: IEXPLORE.EXE >
[2013/03/03 23:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2013/12/15 07:02:13 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=140325733F0DFB82A6A600CE301478EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_0d599df380650659\iexplore.exe
[2009/07/13 22:43:32 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/02/21 20:47:28 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2013/12/15 07:02:13 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16526_none_17ae4845b4c5c854\iexplore.exe
[2013/03/02 00:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/12/17 09:22:35 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/12/17 09:22:35 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_167d6dbc1e46cfdd\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\erdnt\cache86\iexplore.exe
[2013/12/17 09:22:36 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_20d2180e52a791d8\iexplore.exe
[2012/02/21 20:47:28 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2013/03/02 00:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/03/04 00:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2012/02/21 20:47:28 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2012/02/21 20:47:28 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2009/07/13 22:58:58 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2013/12/15 07:02:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/12/15 07:02:13 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/12/17 09:22:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 04:35:30 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 04:35:52 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
< MD5 for: SERVICES >
[2009/07/13 19:40:38 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:19:46 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 04:35:48 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 04:35:48 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 03:54:04 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 03:54:04 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 19:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 19:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/14 04:35:34 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/07/13 20:34:42 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 04:35:54 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/07/13 20:44:22 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 04:35:34 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/07/13 20:34:42 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 04:35:54 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/07/13 20:44:22 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 19:16:16 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 19:16:16 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.RDB >
[2011/01/17 21:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 21:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: WINLOGON.ADML >
[2009/07/14 04:35:48 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009/07/13 20:41:32 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 22:52:48 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/02/21 21:17:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/12/14 10:06:10 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\winlogon.exe
[2012/02/21 21:17:06 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2009/07/14 04:35:48 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 04:35:48 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009/07/13 20:41:42 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:41:42 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2013/12/13 19:31:51 | 000,009,635 | -H-- | M] () -- C:\BackupSys.log
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013/12/25 09:43:06 | 000,025,671 | ---- | M] () -- C:\ComboFix.txt
[2014/01/30 15:12:18 | 3217,272,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 15:12:23 | 4289,699,840 | -HS- | M] () -- C:\pagefile.sys
[2012/02/21 21:08:24 | 000,004,956 | RHS- | M] () -- C:\Patch.rev
[2012/02/21 20:43:30 | 3409,490,696 | RHS- | M] () -- C:\pcRestore.sys
[2009/10/28 21:03:16 | 000,000,194 | RHS- | M] () -- C:\Preload.rev
< %systemroot%\Fonts\*.com >
[2009/07/14 04:32:38 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:32:38 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:32:38 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:32:38 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/07/14 01:36:42 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2002/04/05 21:57:26 | 000,237,568 | ---- | M] () -- C:\Windows\Matrix Code Emulator.scr
[2009/07/10 16:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 03:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Gateway
Volume Serial Number is B6AA-FDA9
Directory of C:\
13/12/2013 07:30 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\ProgramData]
13/12/2013 07:30 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/12/2013 07:30 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/12/2013 07:30 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/12/2013 07:30 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/12/2013 07:30 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
13/12/2013 07:30 PM <SYMLINKD> All Users [C:\ProgramData]
13/12/2013 07:30 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\ProgramData]
13/12/2013 07:30 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/12/2013 07:30 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/12/2013 07:30 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/12/2013 07:30 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/12/2013 07:30 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
13/12/2013 07:30 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
13/12/2013 07:30 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
13/12/2013 07:30 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/12/2013 07:30 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/12/2013 07:30 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/12/2013 07:30 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/12/2013 07:30 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/12/2013 07:30 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
13/12/2013 07:30 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/12/2013 07:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
13/12/2013 07:30 PM <JUNCTION> My Music [C:\Users\Default\Music]
13/12/2013 07:30 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
13/12/2013 07:30 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Easyhome
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\Users\Easyhome\AppData\Roaming]
13/12/2013 07:30 PM <JUNCTION> Cookies [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Cookies]
13/12/2013 07:30 PM <JUNCTION> Local Settings [C:\Users\Easyhome\AppData\Local]
13/12/2013 07:30 PM <JUNCTION> My Documents [C:\Users\Easyhome\Documents]
13/12/2013 07:30 PM <JUNCTION> NetHood [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/12/2013 07:30 PM <JUNCTION> PrintHood [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/12/2013 07:30 PM <JUNCTION> Recent [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Recent]
13/12/2013 07:30 PM <JUNCTION> SendTo [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\SendTo]
13/12/2013 07:30 PM <JUNCTION> Start Menu [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Start Menu]
13/12/2013 07:30 PM <JUNCTION> Templates [C:\Users\Easyhome\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Easyhome\AppData\Local
13/12/2013 07:30 PM <JUNCTION> Application Data [C:\Users\Easyhome\AppData\Local]
13/12/2013 07:30 PM <JUNCTION> History [C:\Users\Easyhome\AppData\Local\Microsoft\Windows\History]
13/12/2013 07:30 PM <JUNCTION> Temporary Internet Files [C:\Users\Easyhome\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Easyhome\Documents
13/12/2013 07:30 PM <JUNCTION> My Music [C:\Users\Easyhome\Music]
13/12/2013 07:30 PM <JUNCTION> My Pictures [C:\Users\Easyhome\Pictures]
13/12/2013 07:30 PM <JUNCTION> My Videos [C:\Users\Easyhome\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
13/12/2013 07:30 PM <JUNCTION> My Music [C:\Users\Public\Music]
13/12/2013 07:30 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
13/12/2013 07:30 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 183,475,822,592 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
[2014/01/06 19:45:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\bak
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/12/15 07:44:01 | 000,000,221 | -HS- | M] () -- C:\Users\Easyhome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2014/01/31 17:24:50 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Easyhome\Desktop\aswMBR.exe
[2013/12/25 22:21:22 | 015,627,064 | ---- | M] (Anvisoft) -- C:\Users\Easyhome\Desktop\csbsetup.exe
[2013/12/13 17:24:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Easyhome\Desktop\HijackThis.exe
[2014/01/31 17:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Easyhome\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Base Services ==========
SRV:64bit: - [2009/07/13 22:21:28 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 23:08:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 23:00:02 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 22:44:38 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/02/21 20:49:56 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 23:12:22 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 23:06:24 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 22:51:08 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 23:10:14 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 22:37:06 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 23:22:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 23:08:12 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 23:12:40 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 22:56:58 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 22:21:20 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/02/21 20:49:08 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 23:10:10 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV - [2013/12/14 10:06:10 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 22:48:32 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 22:54:46 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 22:47:26 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 23:07:34 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500325AS
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 239.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 227.00GB
Starting Offset: 256764805120
Hidden sectors: 0
< End of report >
#6
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 31 January 2014 - 05:32 PM
OTL Extras logfile created on: 31/01/2014 6:07:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.72% Memory free
7.99 Gb Paging File | 5.47 Gb Available in Paging File | 68.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239.13 Gb Total Space | 170.91 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
Drive E: | 226.63 Gb Total Space | 31.28 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
Computer Name: STEVE-PC | User Name: Easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D737381-E983-4FD9-B2B1-9C334E8A9C42}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1793A384-50CE-480D-B122-2AEFB494900C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{517AFB6F-54CE-4D70-9464-4767823B8471}" = rport=139 | protocol=6 | dir=out | app=system |
"{626E78CD-B26F-435A-853B-306C97F8D7D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{62A7CF4B-6C38-4513-93FC-78CD8866CCED}" = rport=445 | protocol=6 | dir=out | app=system |
"{6360CF6A-480E-4BF1-9452-26752D44AE98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66515A91-97BF-43EE-8F93-A61CA156599D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8865EEBC-A7EA-43DB-8042-3DB8C8E739AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{8CE1BE07-A830-4695-A141-DCFAA431F02D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E7B2B03-E928-4BFD-A215-D8B6D5EA731C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F67AEE5-240F-4B8C-9278-FA30C6B43563}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C05F147-CD03-4C33-AA64-F83D40621753}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A28866BB-7D94-4FAE-A5C2-1065364A5CDC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A34F0611-44FF-4FEC-BCC7-F83AB19818FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7A89DFC-1B74-482A-AD84-8114F7FD8E90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9D85275-8CD6-4018-8589-4E7D3F11C67C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3D264B6-A416-4DD3-AA80-E5878EBCB16F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8D68DEA-3C05-4CC4-B3C8-D4F1171C49BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D95DABF4-CB3F-45B8-B360-A004CDFAF282}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC337E71-144F-4113-80C5-4FF920D23FF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{F790862A-A3B1-41C8-A8CA-CE6B3A3C1767}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD7D7280-CD10-4E4B-AE0A-A08AC9460FEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE30C1BF-DA03-4C12-A73E-C2B06BF722E0}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B17065-58E3-4EB9-A343-7177A2995B93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FC05D4B-8AB3-4DC4-ADA4-C6B3364B2892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C7BDBAE-9368-4EFD-8B54-AFAF77DEBC77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CD9FB26-C2BE-49E6-85C4-E8CAFD9F43D1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4C18DA1C-326E-4EC6-8846-5350641C9C80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{649E3564-AE79-4E12-B262-87B3E6F23FFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B126AC7-F49C-423E-B8CA-54722F7FF885}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DD2100B-59CF-4B2A-BC64-3D07468F1F1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74DA300C-7947-446D-9936-1A056FD2439B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7684A38D-4C1B-4FD2-B127-A6D9C0E8E445}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A03E78A-A814-4B64-951E-744E1940B6F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D893536-83DB-49D6-ACCB-7592889163A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8290E1C7-6EAC-48E3-87E0-0F157E52CAB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DEF16F1-3EA1-4AED-80E2-074244AEE359}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{9132FFF8-5EE7-4A56-8ADF-503DF2111A1E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{96410458-3BA3-4304-A24B-CFD2A2F569DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A109CDC1-DA76-4A48-8C53-34D408D34910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A271F11E-8D3B-4C57-8B6F-500CA3C3A2CF}" = protocol=6 | dir=out | app=system |
"{B0C4BE9A-4D51-4B6B-8086-A18C125CC95B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B498B8C0-0DB5-46BA-A5DF-42B9B339A44A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BB1D95F9-3CF4-4774-812A-B51B96A966C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{BC8CBCDA-8C18-4A40-BDA9-2F7DF807849D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C17CB9A3-7761-4849-A6C4-6D933AE98E71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C17D54C2-824A-40F8-9EC7-87AA50B3D46E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5C13C86-89DB-457A-A27B-C101F15962EB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C93A68F4-8732-49B4-BD3B-405A14AC423B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D19D5E06-BFC5-4E37-8DE9-63F13A192C27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2DF206E-151F-4B70-B2B3-9B85CE3237D6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D5EDE048-D6DF-4722-A3E2-D99FC89CD6C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8AEFA35-2FD2-4EEF-B9F4-02D797FDD25F}" = dir=in | app=c:\users\easyhome\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E9B2D02F-5C93-4706-8377-B94E0E9F504D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCB7FA65-337C-48E6-AB24-E01FD2D9CE58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C552757-172E-4C18-AA3E-3DFAC5A15DAA}" = O2Micro Flash Memory Card Reader Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Anvi Smart Defender" = Anvi Smart Defender 1.9.3
"Cloud System Booster" = Cloud System Booster
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.1.5
"Marvell Miniport Driver" = Marvell Miniport Driver
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30/01/2014 6:14:23 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 30/01/2014 6:16:55 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 30/01/2014 6:18:04 PM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 31/01/2014 2:56:38 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 31/01/2014 2:57:17 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 31/01/2014 2:57:32 AM | Computer Name = Steve-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ System Events ]
Error - 22/01/2014 12:18:11 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 22/01/2014 3:11:23 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 25/01/2014 2:55:14 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 25/01/2014 2:55:53 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 25/01/2014 2:56:03 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/01/2014 4:38:45 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28/01/2014 1:29:16 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28/01/2014 3:33:25 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 30/01/2014 4:13:01 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30/01/2014 4:13:14 PM | Computer Name = Steve-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
#7
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 31 January 2014 - 08:35 PM
Hi leafaninottawa,
In future replies please copy and paste all logs requested into one reply. I appreciate your cooperation.
=========================
I could not access the site to download security check, is there another link I could get it from?
http://www.bleepingc.../securitycheck/
=========================
You logs look pretty good. Can you tell me what symptoms you are having that lead you to believe your infected.
Also, you logs show you have run ComboFix in the past. Was that in relation to this issue?
Locate the log if it is still present and post in your next reply.
C:\ComboFix.txt
In your next post please provide the following:
- checkup.txt
- Answers to my questions.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#8
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 02 February 2014 - 09:28 AM
my symptoms are high CPU most of the time, and the fan runs sometimes for long periods of time at a higher than normal rpm.... as well I have come across a few processes in the Task manager more specifically, idle-threads.exe, latch-Threads.exe, and a while ago, I had mutex-Threads.exe, and semaphore-Threads.exe
here is the checkup log.
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Anvisoft Anvi Smart Defender ASDSrv.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
And the combofix log, I couldnt find an older one, so I just ran the scan again
ComboFix 13-12-24.02 - Easyhome 02/02/2014 0:05.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4091.1805 [GMT -5:00]
Running from: c:\users\Easyhome\Downloads\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Corporation\Microsoft® Windows® Operating System
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.Net Semaphore
.
.
((((((((((((((((((((((((( Files Created from 2014-01-02 to 2014-02-02 )))))))))))))))))))))))))))))))
.
.
2014-02-02 05:20 . 2014-02-02 05:20 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2014-02-02 05:15 . 2014-02-02 05:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-02 05:15 . 2014-02-02 05:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-02 05:10 . 2014-02-02 05:16 -------- d-----w- c:\programdata\Microsoft Corporation
2014-01-16 12:54 . 2014-01-16 12:54 -------- d-----w- c:\users\Easyhome\AppData\Local\ElevatedDiagnostics
2014-01-16 10:40 . 2014-01-16 10:40 -------- d-----w- c:\users\Easyhome\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 20:15 . 2013-12-23 20:15 640957 ----a-w- c:\windows\unins000.exe
2013-12-22 04:05 . 2013-12-22 04:05 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-17 23:36 . 2013-12-17 23:36 597104 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2013-12-17 17:14 . 2012-02-22 03:35 126976 ------w- c:\windows\system32\Interop.SHDocVw.dll
2013-12-17 17:13 . 2012-02-22 03:35 18928 ------r- c:\windows\system32\drivers\scssifilter64.sys
2013-12-17 14:22 . 2013-12-17 14:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 14:22 . 2013-12-17 14:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 14:22 . 2013-12-17 14:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 14:22 . 2013-12-17 14:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-17 14:22 . 2013-12-17 14:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 14:22 . 2013-12-17 14:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 14:22 . 2013-12-17 14:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-12-17 14:22 . 2013-12-17 14:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-12-17 14:22 . 2013-12-17 14:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 14:22 . 2013-12-17 14:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-17 14:22 . 2013-12-17 14:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 14:22 . 2013-12-17 14:22 441856 ----a-w- c:\windows\system32\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-12-17 14:22 . 2013-12-17 14:22 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 14:22 . 2013-12-17 14:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 14:22 . 2013-12-17 14:22 235008 ----a-w- c:\windows\system32\url.dll
2013-12-17 14:22 . 2013-12-17 14:22 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 14:22 . 2013-12-17 14:22 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-17 14:22 . 2013-12-17 14:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-17 14:22 . 2013-12-17 14:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-12-17 14:22 . 2013-12-17 14:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 14:22 . 2013-12-17 14:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-12-17 14:22 . 2013-12-17 14:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 14:22 . 2013-12-17 14:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 14:22 . 2013-12-17 14:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-02-22 03:59 405504 --sha-r- c:\windows\System32\vshadow.exe
2012-02-22 03:59 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2012-02-22 03:59 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CloudSystemBooster"="c:\program files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" [2013-12-24 527544]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2012-02-22 600688]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-10-21 1636536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;c:\windows\system32\mutex-Threads.exe;c:\windows\SYSNATIVE\mutex-Threads.exe [x]
R2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;c:\windows\system32\latch-Threads.exe;c:\windows\SYSNATIVE\latch-Threads.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 scssifilter;scssifilter;c:\windows\system32\Drivers\scssifilter64.sys;c:\windows\SYSNATIVE\Drivers\scssifilter64.sys [x]
S0 usbmp3;usbmp3;c:\windows\system32\Drivers\usbmp364.sys;c:\windows\SYSNATIVE\Drivers\usbmp364.sys [x]
S0 usbvox;usbvox;c:\windows\system32\Drivers\usbvox64.sys;c:\windows\SYSNATIVE\Drivers\usbvox64.sys [x]
S0 usbwav;usbwav;c:\windows\system32\Drivers\usbwav64.sys;c:\windows\SYSNATIVE\Drivers\usbwav64.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 .Net Main;Microsoft.NET Framework Kernel x2.0c;c:\windows\system32\idle-Threads.exe;c:\windows\SYSNATIVE\idle-Threads.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 13:38 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-29 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-22 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-22 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21983
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.entru.com/?s=21983
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Facebook Update - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,f4,bc,f4,a5,12,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2014-02-02 00:27:34 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-02 05:27
ComboFix2.txt 2013-12-25 14:43
ComboFix3.txt 2013-12-13 22:45
.
Pre-Run: 183,102,918,656 bytes free
Post-Run: 183,025,299,456 bytes free
.
- - End Of File - - C542112C62BF4ABFB1105FBE96296CA7
A36C5E4F47E84449FF07ED3517B43A31
#9
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 02 February 2014 - 11:19 PM
Hi leafaninottawa,
I was just asking for you to locate the log, I didn't mean for you to run a new scan with Combofix. Please don't run any tools unless requested to do so.
=========================
I can't find clear evidence that these files are malware related. They appear to be part of Microsoft .Net Framework.
c:\windows\system32\mutex-Threads.exe
c:\windows\system32\latch-Threads.exe
c:\windows\system32\idle-Threads.exe
========================= TDSSKiller
Please download TDSSKiller.zip - Extract it to your desktop
- TDSSKiller.exe
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
In your next post please provide the following:
- TDSSKiller log
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#10
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 03 February 2014 - 09:27 AM
here is the TDSSKiller log
10:23:36.0961 0x0e28 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:23:41.0485 0x0e28 ============================================================
10:23:41.0485 0x0e28 Current date / time: 2014/02/03 10:23:41.0485
10:23:41.0485 0x0e28 SystemInfo:
10:23:41.0485 0x0e28
10:23:41.0485 0x0e28 OS Version: 6.1.7601 ServicePack: 1.0
10:23:41.0485 0x0e28 Product type: Workstation
10:23:41.0485 0x0e28 ComputerName: STEVE-PC
10:23:41.0485 0x0e28 UserName: Easyhome
10:23:41.0485 0x0e28 Windows directory: C:\Windows
10:23:41.0485 0x0e28 System windows directory: C:\Windows
10:23:41.0485 0x0e28 Running under WOW64
10:23:41.0485 0x0e28 Processor architecture: Intel x64
10:23:41.0485 0x0e28 Number of processors: 2
10:23:41.0485 0x0e28 Page size: 0x1000
10:23:41.0485 0x0e28 Boot type: Normal boot
10:23:41.0485 0x0e28 ============================================================
10:23:42.0390 0x0e28 KLMD registered as C:\Windows\system32\drivers\74962734.sys
10:23:42.0670 0x0e28 System UUID: {C8A5CD92-24B6-5CDF-CA85-672695F060E2}
10:23:43.0607 0x0e28 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:23:43.0607 0x0e28 Drive \Device\Harddisk1\DR1 - Size: 0x1E2400000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:23:43.0639 0x0e28 ============================================================
10:23:43.0639 0x0e28 \Device\Harddisk0\DR0:
10:23:43.0639 0x0e28 MBR partitions:
10:23:43.0639 0x0e28 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DE42800
10:23:43.0639 0x0e28 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DE43000, BlocksNum 0x1C542000
10:23:43.0639 0x0e28 \Device\Harddisk1\DR1:
10:23:43.0639 0x0e28 MBR partitions:
10:23:43.0639 0x0e28 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0xF10BC2
10:23:43.0639 0x0e28 ============================================================
10:23:43.0685 0x0e28 C: <-> \Device\Harddisk0\DR0\Partition1
10:23:43.0763 0x0e28 E: <-> \Device\Harddisk0\DR0\Partition2
10:23:43.0763 0x0e28 ============================================================
10:23:43.0763 0x0e28 Initialize success
10:23:43.0763 0x0e28 ============================================================
10:23:46.0603 0x1194 ============================================================
10:23:46.0603 0x1194 Scan started
10:23:46.0603 0x1194 Mode: Manual;
10:23:46.0603 0x1194 ============================================================
10:23:46.0603 0x1194 KSN ping started
10:23:49.0582 0x1194 KSN ping finished: true
10:23:53.0061 0x1194 ================ Scan system memory ========================
10:23:53.0061 0x1194 System memory - ok
10:23:53.0061 0x1194 ================ Scan services =============================
10:23:53.0623 0x1194 [ 7F88561ACFD4C57FC2B67BC637AFAF50, 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3 ] .Net Crypt C:\Windows\system32\mutex-Threads.exe
10:23:53.0685 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\mutex-Threads.exe. md5: 7F88561ACFD4C57FC2B67BC637AFAF50, sha256: 0B8E7159F6C966A06079BAEF1D34C54BA3DABBBAB2D8224D570FE0AEE59674C3
10:23:53.0716 0x1194 .Net Crypt - detected LockedFile.Multi.Generic ( 1 )
10:23:56.0821 0x1194 Detect skipped due to KSN trusted
10:23:56.0821 0x1194 .Net Crypt - ok
10:23:57.0289 0x1194 [ 22049A7E612D84B0DDAD53ECC80E983E, C5B5C17D8A516968C9F6BBC886CF1D421BA6A6241D68E1F2C5F22A4EB3011E4C ] .Net Main C:\Windows\system32\idle-Threads.exe
10:23:57.0289 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\idle-Threads.exe. md5: 22049A7E612D84B0DDAD53ECC80E983E, sha256: C5B5C17D8A516968C9F6BBC886CF1D421BA6A6241D68E1F2C5F22A4EB3011E4C
10:23:57.0304 0x1194 .Net Main - detected LockedFile.Multi.Generic ( 1 )
10:24:00.0471 0x1194 Detect skipped due to KSN trusted
10:24:00.0471 0x1194 .Net Main - ok
10:24:00.0923 0x1194 [ C0882FA78ADFB7CFF958797316532CEB, AC59657FC758A3F1BD454FC52F77EA0A590D2F0B147254531D9653EDC72AAD59 ] .Net Security C:\Windows\system32\latch-Threads.exe
10:24:00.0923 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\latch-Threads.exe. md5: C0882FA78ADFB7CFF958797316532CEB, sha256: AC59657FC758A3F1BD454FC52F77EA0A590D2F0B147254531D9653EDC72AAD59
10:24:00.0939 0x1194 .Net Security - detected LockedFile.Multi.Generic ( 1 )
10:24:04.0121 0x1194 Detect skipped due to KSN trusted
10:24:04.0137 0x1194 .Net Security - ok
10:24:04.0277 0x1194 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:24:04.0324 0x1194 1394ohci - ok
10:24:04.0387 0x1194 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:24:04.0418 0x1194 ACPI - ok
10:24:04.0449 0x1194 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:24:04.0449 0x1194 AcpiPmi - ok
10:24:04.0527 0x1194 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:24:04.0574 0x1194 adp94xx - ok
10:24:04.0589 0x1194 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:24:04.0605 0x1194 adpahci - ok
10:24:04.0652 0x1194 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:24:04.0699 0x1194 adpu320 - ok
10:24:04.0745 0x1194 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:24:04.0745 0x1194 AeLookupSvc - ok
10:24:04.0839 0x1194 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
10:24:04.0901 0x1194 AFD - ok
10:24:04.0948 0x1194 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
10:24:04.0948 0x1194 agp440 - ok
10:24:04.0995 0x1194 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
10:24:05.0011 0x1194 ALG - ok
10:24:05.0057 0x1194 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
10:24:05.0073 0x1194 aliide - ok
10:24:05.0104 0x1194 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
10:24:05.0120 0x1194 amdide - ok
10:24:05.0151 0x1194 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:24:05.0167 0x1194 AmdK8 - ok
10:24:05.0182 0x1194 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:24:05.0198 0x1194 AmdPPM - ok
10:24:05.0229 0x1194 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:24:05.0245 0x1194 amdsata - ok
10:24:05.0307 0x1194 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:24:05.0354 0x1194 amdsbs - ok
10:24:05.0401 0x1194 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:24:05.0416 0x1194 amdxata - ok
10:24:05.0510 0x1194 [ E6E693E595996E1D92773C0DC52A54BF, 29757FB82B4C1D74769C16AA59C6CC0C63C4BD41118FE416145F7941AC804FFD ] AnviCsbSvc C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
10:24:05.0603 0x1194 AnviCsbSvc - ok
10:24:05.0650 0x1194 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
10:24:05.0681 0x1194 AppID - ok
10:24:05.0728 0x1194 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:24:05.0759 0x1194 AppIDSvc - ok
10:24:05.0775 0x1194 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
10:24:05.0791 0x1194 Appinfo - ok
10:24:05.0900 0x1194 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:24:05.0993 0x1194 Apple Mobile Device - ok
10:24:06.0025 0x1194 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:24:06.0040 0x1194 arc - ok
10:24:06.0103 0x1194 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:24:06.0118 0x1194 arcsas - ok
10:24:06.0181 0x1194 [ 44837F1CB5BD166A7BD8869F9E86E907, 59AB25E5A48DAD4110E1823FC60FEA40792F6BFB5800096D7FB62DE0A8A4F0F4 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys
10:24:06.0212 0x1194 asdrm - ok
10:24:06.0243 0x1194 [ 88390FE440DCC3F10556AE41F4EDFCA1, 7F433FA283DBFD16A11721951DEAEB921516680217A41CA0806641DDED1D3656 ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys
10:24:06.0259 0x1194 asdrs - ok
10:24:06.0352 0x1194 [ 87DC760739935C73915D0CD7EC3C237C, ADF8266AFEF465FB338E9AD7C0E813CE4DC28673385B366EF8584896C9046A34 ] asdsrv C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
10:24:06.0524 0x1194 asdsrv - ok
10:24:06.0555 0x1194 [ 2D6D1BCBE6B7D0688681CE71C4A4C828, 86959EC12A328D78CB87FF7573CD0CEEA21AF22E924334643ABB1EEE3F828DEF ] asdws C:\Windows\system32\DRIVERS\asdws.sys
10:24:06.0571 0x1194 asdws - ok
10:24:06.0586 0x1194 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:24:06.0602 0x1194 AsyncMac - ok
10:24:06.0664 0x1194 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
10:24:06.0680 0x1194 atapi - ok
10:24:06.0773 0x1194 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:24:06.0820 0x1194 AudioEndpointBuilder - ok
10:24:06.0836 0x1194 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:24:06.0851 0x1194 AudioSrv - ok
10:24:06.0945 0x1194 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:24:06.0961 0x1194 AxInstSV - ok
10:24:07.0023 0x1194 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:24:07.0070 0x1194 b06bdrv - ok
10:24:07.0101 0x1194 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:24:07.0132 0x1194 b57nd60a - ok
10:24:07.0226 0x1194 [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
10:24:07.0366 0x1194 BCM43XX - ok
10:24:07.0397 0x1194 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
10:24:07.0397 0x1194 BDESVC - ok
10:24:07.0429 0x1194 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
10:24:07.0444 0x1194 Beep - ok
10:24:07.0507 0x1194 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
10:24:07.0553 0x1194 BFE - ok
10:24:07.0631 0x1194 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
10:24:07.0694 0x1194 BITS - ok
10:24:07.0709 0x1194 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:24:07.0725 0x1194 blbdrive - ok
10:24:07.0834 0x1194 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:24:07.0881 0x1194 Bonjour Service - ok
10:24:07.0928 0x1194 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:24:07.0943 0x1194 bowser - ok
10:24:07.0975 0x1194 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:24:07.0990 0x1194 BrFiltLo - ok
10:24:08.0006 0x1194 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:24:08.0021 0x1194 BrFiltUp - ok
10:24:08.0068 0x1194 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:24:08.0099 0x1194 BridgeMP - ok
10:24:08.0146 0x1194 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
10:24:08.0177 0x1194 Browser - ok
10:24:08.0209 0x1194 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:24:08.0240 0x1194 Brserid - ok
10:24:08.0271 0x1194 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:24:08.0271 0x1194 BrSerWdm - ok
10:24:08.0302 0x1194 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:24:08.0302 0x1194 BrUsbMdm - ok
10:24:08.0333 0x1194 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:24:08.0333 0x1194 BrUsbSer - ok
10:24:08.0349 0x1194 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:24:08.0365 0x1194 BTHMODEM - ok
10:24:08.0443 0x1194 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
10:24:08.0458 0x1194 bthserv - ok
10:24:08.0458 0x1194 catchme - ok
10:24:08.0505 0x1194 [ D1787E11C6A0078DDEAF8CF3EE2AB293, 15362A48EFF3DDD6C6D9B333CB7F5FE835B60A256B29467AD749DCFAC6C761D3 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
10:24:08.0536 0x1194 CAXHWAZL - ok
10:24:08.0567 0x1194 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:24:08.0567 0x1194 cdfs - ok
10:24:08.0614 0x1194 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:24:08.0630 0x1194 cdrom - ok
10:24:08.0677 0x1194 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
10:24:08.0708 0x1194 CertPropSvc - ok
10:24:08.0770 0x1194 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:24:08.0770 0x1194 circlass - ok
10:24:08.0833 0x1194 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
10:24:08.0864 0x1194 CLFS - ok
10:24:08.0942 0x1194 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:08.0989 0x1194 clr_optimization_v2.0.50727_32 - ok
10:24:09.0051 0x1194 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:24:09.0082 0x1194 clr_optimization_v2.0.50727_64 - ok
10:24:09.0176 0x1194 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:24:09.0207 0x1194 clr_optimization_v4.0.30319_32 - ok
10:24:09.0254 0x1194 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:24:09.0269 0x1194 clr_optimization_v4.0.30319_64 - ok
10:24:09.0301 0x1194 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:24:09.0316 0x1194 CmBatt - ok
10:24:09.0347 0x1194 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:24:09.0363 0x1194 cmdide - ok
10:24:09.0410 0x1194 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
10:24:09.0441 0x1194 CNG - ok
10:24:09.0550 0x1194 [ 0D23C3312838EEA1ED55D5F135BCA613, 2A73A2B45A6A1B72F4957EA041C1137AA8C05CF6D3B4B44D6FA4EAD07C2888C8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:24:09.0597 0x1194 CnxtHdAudService - ok
10:24:09.0628 0x1194 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:24:09.0644 0x1194 Compbatt - ok
10:24:09.0691 0x1194 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:24:09.0706 0x1194 CompositeBus - ok
10:24:09.0722 0x1194 COMSysApp - ok
10:24:09.0753 0x1194 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:24:09.0769 0x1194 crcdisk - ok
10:24:09.0847 0x1194 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:24:09.0878 0x1194 CryptSvc - ok
10:24:09.0956 0x1194 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:24:09.0987 0x1194 DcomLaunch - ok
10:24:10.0018 0x1194 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
10:24:10.0049 0x1194 defragsvc - ok
10:24:10.0096 0x1194 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:24:10.0127 0x1194 DfsC - ok
10:24:10.0174 0x1194 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:24:10.0205 0x1194 Dhcp - ok
10:24:10.0237 0x1194 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
10:24:10.0252 0x1194 discache - ok
10:24:10.0283 0x1194 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:24:10.0299 0x1194 Disk - ok
10:24:10.0346 0x1194 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:24:10.0377 0x1194 Dnscache - ok
10:24:10.0424 0x1194 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
10:24:10.0439 0x1194 dot3svc - ok
10:24:10.0486 0x1194 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
10:24:10.0486 0x1194 DPS - ok
10:24:10.0549 0x1194 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:24:10.0564 0x1194 drmkaud - ok
10:24:10.0627 0x1194 [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:24:10.0673 0x1194 dtsoftbus01 - ok
10:24:10.0720 0x1194 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:24:10.0783 0x1194 DXGKrnl - ok
10:24:10.0829 0x1194 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
10:24:10.0861 0x1194 EapHost - ok
10:24:11.0032 0x1194 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:24:11.0204 0x1194 ebdrv - ok
10:24:11.0235 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
10:24:11.0251 0x1194 EFS - ok
10:24:11.0344 0x1194 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:24:11.0438 0x1194 ehRecvr - ok
10:24:11.0469 0x1194 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
10:24:11.0485 0x1194 ehSched - ok
10:24:11.0531 0x1194 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:24:11.0563 0x1194 elxstor - ok
10:24:11.0672 0x1194 [ FB67AA8AC61B9365ADD546139A21BED6, DDE2053071ED1F7E634FF1A74DB0ACC7D0D19B0AD0CF37DE989FA91B93C76452 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
10:24:11.0719 0x1194 ePowerSvc - ok
10:24:11.0765 0x1194 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:24:11.0765 0x1194 ErrDev - ok
10:24:11.0843 0x1194 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
10:24:11.0937 0x1194 EventSystem - ok
10:24:11.0953 0x1194 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
10:24:11.0968 0x1194 exfat - ok
10:24:11.0999 0x1194 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:24:12.0015 0x1194 fastfat - ok
10:24:12.0093 0x1194 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
10:24:12.0140 0x1194 Fax - ok
10:24:12.0171 0x1194 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:24:12.0187 0x1194 fdc - ok
10:24:12.0218 0x1194 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
10:24:12.0233 0x1194 fdPHost - ok
10:24:12.0265 0x1194 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
10:24:12.0280 0x1194 FDResPub - ok
10:24:12.0311 0x1194 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:24:12.0311 0x1194 FileInfo - ok
10:24:12.0343 0x1194 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:24:12.0343 0x1194 Filetrace - ok
10:24:12.0358 0x1194 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:24:12.0374 0x1194 flpydisk - ok
10:24:12.0436 0x1194 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:24:12.0467 0x1194 FltMgr - ok
10:24:12.0577 0x1194 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
10:24:12.0655 0x1194 FontCache - ok
10:24:12.0701 0x1194 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:24:12.0733 0x1194 FontCache3.0.0.0 - ok
10:24:12.0764 0x1194 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:24:12.0779 0x1194 FsDepends - ok
10:24:12.0826 0x1194 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:24:12.0842 0x1194 Fs_Rec - ok
10:24:12.0904 0x1194 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:24:12.0920 0x1194 fvevol - ok
10:24:12.0951 0x1194 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:24:12.0967 0x1194 gagp30kx - ok
10:24:13.0045 0x1194 [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
10:24:13.0123 0x1194 GameConsoleService - ok
10:24:13.0185 0x1194 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
10:24:13.0279 0x1194 gpsvc - ok
10:24:13.0403 0x1194 [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
10:24:13.0762 0x1194 Greg_Service - ok
10:24:13.0981 0x1194 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:24:13.0981 0x1194 gupdate - ok
10:24:14.0012 0x1194 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:24:14.0012 0x1194 gupdatem - ok
10:24:14.0027 0x1194 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:24:14.0074 0x1194 gusvc - ok
10:24:14.0090 0x1194 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:24:14.0090 0x1194 hcw85cir - ok
10:24:14.0168 0x1194 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:24:14.0199 0x1194 HdAudAddService - ok
10:24:14.0230 0x1194 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:24:14.0246 0x1194 HDAudBus - ok
10:24:14.0277 0x1194 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:24:14.0293 0x1194 HidBatt - ok
10:24:14.0308 0x1194 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:24:14.0324 0x1194 HidBth - ok
10:24:14.0355 0x1194 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:24:14.0371 0x1194 HidIr - ok
10:24:14.0386 0x1194 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
10:24:14.0402 0x1194 hidserv - ok
10:24:14.0464 0x1194 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:24:14.0480 0x1194 HidUsb - ok
10:24:14.0511 0x1194 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:24:14.0527 0x1194 hkmsvc - ok
10:24:14.0573 0x1194 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:24:14.0620 0x1194 HomeGroupListener - ok
10:24:14.0667 0x1194 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:24:14.0714 0x1194 HomeGroupProvider - ok
10:24:14.0761 0x1194 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:24:14.0776 0x1194 HpSAMD - ok
10:24:14.0901 0x1194 [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:24:14.0963 0x1194 HsfXAudioService - ok
10:24:15.0088 0x1194 [ 26C5D00321937E49B6BC91029947D094, 610BBA49EAB5926FBC4B7990A64A8C3E5B7634CB25A39FC4D9104DD60FA3451A ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:24:15.0213 0x1194 HSF_DPV - ok
10:24:15.0291 0x1194 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:24:15.0322 0x1194 HTTP - ok
10:24:15.0353 0x1194 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:24:15.0369 0x1194 hwpolicy - ok
10:24:15.0416 0x1194 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:24:15.0447 0x1194 i8042prt - ok
10:24:15.0494 0x1194 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:24:15.0556 0x1194 IAANTMON - ok
10:24:15.0634 0x1194 [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:24:15.0634 0x1194 iaStor - ok
10:24:15.0697 0x1194 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:24:15.0728 0x1194 iaStorV - ok
10:24:16.0055 0x1194 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:24:16.0133 0x1194 idsvc - ok
10:24:16.0399 0x1194 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:24:16.0695 0x1194 igfx - ok
10:24:16.0773 0x1194 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:24:16.0804 0x1194 iirsp - ok
10:24:16.0882 0x1194 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
10:24:16.0929 0x1194 IKEEXT - ok
10:24:16.0960 0x1194 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
10:24:16.0960 0x1194 intelide - ok
10:24:17.0007 0x1194 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:24:17.0007 0x1194 intelppm - ok
10:24:17.0038 0x1194 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:24:17.0054 0x1194 IPBusEnum - ok
10:24:17.0085 0x1194 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:24:17.0116 0x1194 IpFilterDriver - ok
10:24:17.0163 0x1194 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:24:17.0210 0x1194 iphlpsvc - ok
10:24:17.0241 0x1194 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:24:17.0257 0x1194 IPMIDRV - ok
10:24:17.0288 0x1194 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:24:17.0319 0x1194 IPNAT - ok
10:24:17.0413 0x1194 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:24:17.0459 0x1194 iPod Service - ok
10:24:17.0506 0x1194 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:24:17.0522 0x1194 IRENUM - ok
10:24:17.0569 0x1194 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:24:17.0584 0x1194 isapnp - ok
10:24:17.0631 0x1194 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:24:17.0662 0x1194 iScsiPrt - ok
10:24:17.0678 0x1194 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:24:17.0693 0x1194 kbdclass - ok
10:24:17.0725 0x1194 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:24:17.0740 0x1194 kbdhid - ok
10:24:17.0756 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
10:24:17.0771 0x1194 KeyIso - ok
10:24:18.0130 0x1194 [ 1C6256096A341051509D36AD724830BE, 025F7E1E979DC8C4794FC7D3581D6BCF6E0F6DC327C6FCB925B6A8EDBE999A68 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
10:24:18.0442 0x1194 KL1 - ok
10:24:18.0536 0x1194 [ 7189020B8079F90A4930A8DB94002132, E1323898883DD83C1F209460BB9781A4AE023DB2CA4B44A0C19B1E6F4ABDCD87 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
10:24:18.0598 0x1194 KLIF - ok
10:24:18.0629 0x1194 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:24:18.0645 0x1194 KSecDD - ok
10:24:18.0676 0x1194 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:24:18.0692 0x1194 KSecPkg - ok
10:24:18.0723 0x1194 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:24:18.0739 0x1194 ksthunk - ok
10:24:18.0785 0x1194 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
10:24:18.0817 0x1194 KtmRm - ok
10:24:18.0879 0x1194 [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
10:24:18.0879 0x1194 L1E - ok
10:24:18.0957 0x1194 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:24:19.0004 0x1194 LanmanServer - ok
10:24:19.0051 0x1194 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:24:19.0097 0x1194 LanmanWorkstation - ok
10:24:19.0160 0x1194 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:24:19.0175 0x1194 lltdio - ok
10:24:19.0222 0x1194 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:24:19.0253 0x1194 lltdsvc - ok
10:24:19.0285 0x1194 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:24:19.0300 0x1194 lmhosts - ok
10:24:19.0331 0x1194 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:24:19.0347 0x1194 LSI_FC - ok
10:24:19.0347 0x1194 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:24:19.0363 0x1194 LSI_SAS - ok
10:24:19.0409 0x1194 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:24:19.0409 0x1194 LSI_SAS2 - ok
10:24:19.0425 0x1194 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:24:19.0441 0x1194 LSI_SCSI - ok
10:24:19.0487 0x1194 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
10:24:19.0503 0x1194 luafv - ok
10:24:19.0550 0x1194 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:24:19.0565 0x1194 Mcx2Svc - ok
10:24:19.0581 0x1194 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:24:19.0597 0x1194 mdmxsdk - ok
10:24:19.0612 0x1194 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:24:19.0628 0x1194 megasas - ok
10:24:19.0659 0x1194 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:24:19.0690 0x1194 MegaSR - ok
10:24:19.0721 0x1194 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
10:24:19.0737 0x1194 MMCSS - ok
10:24:19.0753 0x1194 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
10:24:19.0768 0x1194 Modem - ok
10:24:19.0846 0x1194 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:24:19.0862 0x1194 monitor - ok
10:24:19.0909 0x1194 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:24:19.0940 0x1194 mouclass - ok
10:24:19.0955 0x1194 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:24:19.0971 0x1194 mouhid - ok
10:24:20.0018 0x1194 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:24:20.0049 0x1194 mountmgr - ok
10:24:20.0080 0x1194 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
10:24:20.0096 0x1194 mpio - ok
10:24:20.0158 0x1194 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:24:20.0189 0x1194 mpsdrv - ok
10:24:20.0330 0x1194 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:24:20.0486 0x1194 MpsSvc - ok
10:24:20.0533 0x1194 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:24:20.0564 0x1194 MRxDAV - ok
10:24:20.0657 0x1194 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:24:20.0689 0x1194 mrxsmb - ok
10:24:20.0720 0x1194 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:24:20.0751 0x1194 mrxsmb10 - ok
10:24:20.0767 0x1194 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:24:20.0782 0x1194 mrxsmb20 - ok
10:24:20.0813 0x1194 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
10:24:20.0829 0x1194 msahci - ok
10:24:20.0860 0x1194 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:24:20.0876 0x1194 msdsm - ok
10:24:20.0891 0x1194 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
10:24:20.0907 0x1194 MSDTC - ok
10:24:20.0969 0x1194 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:24:21.0001 0x1194 Msfs - ok
10:24:21.0032 0x1194 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:24:21.0047 0x1194 mshidkmdf - ok
10:24:21.0063 0x1194 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:24:21.0063 0x1194 msisadrv - ok
10:24:21.0125 0x1194 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:24:21.0125 0x1194 MSiSCSI - ok
10:24:21.0141 0x1194 msiserver - ok
10:24:21.0172 0x1194 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:24:21.0188 0x1194 MSKSSRV - ok
10:24:21.0203 0x1194 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:24:21.0219 0x1194 MSPCLOCK - ok
10:24:21.0235 0x1194 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:24:21.0250 0x1194 MSPQM - ok
10:24:21.0297 0x1194 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:24:21.0313 0x1194 MsRPC - ok
10:24:21.0359 0x1194 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:24:21.0375 0x1194 mssmbios - ok
10:24:21.0391 0x1194 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:24:21.0406 0x1194 MSTEE - ok
10:24:21.0422 0x1194 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:24:21.0437 0x1194 MTConfig - ok
10:24:21.0484 0x1194 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
10:24:21.0484 0x1194 Mup - ok
10:24:21.0547 0x1194 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
10:24:21.0562 0x1194 napagent - ok
10:24:21.0593 0x1194 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:24:21.0625 0x1194 NativeWifiP - ok
10:24:21.0718 0x1194 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
10:24:21.0765 0x1194 NDIS - ok
10:24:21.0812 0x1194 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:24:21.0827 0x1194 NdisCap - ok
10:24:21.0859 0x1194 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:24:21.0874 0x1194 NdisTapi - ok
10:24:21.0921 0x1194 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:24:21.0952 0x1194 Ndisuio - ok
10:24:21.0999 0x1194 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:24:22.0030 0x1194 NdisWan - ok
10:24:22.0061 0x1194 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:24:22.0077 0x1194 NDProxy - ok
10:24:22.0108 0x1194 [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
10:24:22.0124 0x1194 Netaapl - ok
10:24:22.0155 0x1194 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:24:22.0155 0x1194 NetBIOS - ok
10:24:22.0202 0x1194 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:24:22.0217 0x1194 NetBT - ok
10:24:22.0233 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
10:24:22.0249 0x1194 Netlogon - ok
10:24:22.0280 0x1194 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
10:24:22.0311 0x1194 Netman - ok
10:24:22.0358 0x1194 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
10:24:22.0405 0x1194 netprofm - ok
10:24:22.0436 0x1194 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:24:22.0451 0x1194 NetTcpPortSharing - ok
10:24:22.0779 0x1194 [ 39EDE676D17F37AF4573C2B33EC28ACA, 6C897C8B72D7AC1385302E58509688790CC5F428E967485F92C3CD646907EF59 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
10:24:23.0153 0x1194 NETw5s64 - ok
10:24:23.0403 0x1194 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
10:24:23.0668 0x1194 netw5v64 - ok
10:24:23.0684 0x1194 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:24:23.0699 0x1194 nfrd960 - ok
10:24:23.0762 0x1194 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:24:23.0793 0x1194 NlaSvc - ok
10:24:23.0824 0x1194 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:24:23.0840 0x1194 Npfs - ok
10:24:23.0871 0x1194 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
10:24:23.0871 0x1194 nsi - ok
10:24:23.0887 0x1194 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:24:23.0902 0x1194 nsiproxy - ok
10:24:24.0011 0x1194 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:24:24.0136 0x1194 Ntfs - ok
10:24:24.0167 0x1194 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
10:24:24.0183 0x1194 Null - ok
10:24:24.0230 0x1194 [ AD37248BD442D41C9A896E53EB8A85EE, 9CC50602480544DBD0B873B3444D355CC13CB97EC1BCA97F85668C45DEFE78C1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
10:24:24.0245 0x1194 NVHDA - ok
10:24:24.0698 0x1194 [ FD39B98FF1BB8ED3848781497E9D02E0, EF078BC65FAF214860C177206793FFA47EB216FCC2F711DB1D63FE584FF18706 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:24:25.0181 0x1194 nvlddmkm - ok
10:24:25.0400 0x1194 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:24:25.0431 0x1194 nvraid - ok
10:24:25.0478 0x1194 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:24:25.0493 0x1194 nvstor - ok
10:24:25.0525 0x1194 [ C1668D58547DD0C4A0FBD6AFA20D5890, CF003E17B4DB83B88E3CE3010BE9A970756BB45C4D3500D3F02EBDC92BBC2AF8 ] nvsvc C:\Windows\system32\nvvsvc.exe
10:24:25.0556 0x1194 nvsvc - ok
10:24:25.0603 0x1194 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:24:25.0618 0x1194 nv_agp - ok
10:24:25.0681 0x1194 [ D955D5DE998DB2476BF0892BE3A96C26, 3828FC1D4A4F9CD685E6D938B92370A602B84A3ACE2C9A674B3B59E633B0AE07 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
10:24:25.0712 0x1194 O2FLASH - ok
10:24:25.0728 0x1194 [ 26DA4B40670AD436F7DAEC053A2A9ECA, E43C1DE8EB9156AF2B083C868C71A1282E72FC38C4AF23459A0826CF1C632AC8 ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys
10:24:25.0743 0x1194 O2MDRDR - ok
10:24:25.0759 0x1194 [ 2E69A2ADC12DAA7AC7B4FFD8601E88B0, D153A31389411629A89A14C2631FED8656168C96DB0BD1A53D1017BE9E11853B ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys
10:24:25.0774 0x1194 O2SDRDR - ok
10:24:25.0884 0x1194 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:24:26.0024 0x1194 odserv - ok
10:24:26.0055 0x1194 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:24:26.0071 0x1194 ohci1394 - ok
10:24:26.0118 0x1194 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:24:26.0149 0x1194 ose - ok
10:24:26.0196 0x1194 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:24:26.0227 0x1194 p2pimsvc - ok
10:24:26.0274 0x1194 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
10:24:26.0336 0x1194 p2psvc - ok
10:24:26.0383 0x1194 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:24:26.0383 0x1194 Parport - ok
10:24:26.0430 0x1194 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:24:26.0445 0x1194 partmgr - ok
10:24:26.0492 0x1194 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
10:24:26.0508 0x1194 PcaSvc - ok
10:24:26.0554 0x1194 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
10:24:26.0570 0x1194 pci - ok
10:24:26.0601 0x1194 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
10:24:26.0617 0x1194 pciide - ok
10:24:26.0664 0x1194 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:24:26.0710 0x1194 pcmcia - ok
10:24:26.0757 0x1194 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
10:24:26.0773 0x1194 pcw - ok
10:24:26.0835 0x1194 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:24:26.0882 0x1194 PEAUTH - ok
10:24:26.0913 0x1194 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:24:26.0929 0x1194 PerfHost - ok
10:24:27.0054 0x1194 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
10:24:27.0163 0x1194 pla - ok
10:24:27.0210 0x1194 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:24:27.0256 0x1194 PlugPlay - ok
10:24:27.0288 0x1194 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:24:27.0288 0x1194 PNRPAutoReg - ok
10:24:27.0319 0x1194 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:24:27.0334 0x1194 PNRPsvc - ok
10:24:27.0397 0x1194 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:24:27.0428 0x1194 PolicyAgent - ok
10:24:27.0475 0x1194 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
10:24:27.0490 0x1194 Power - ok
10:24:27.0553 0x1194 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:24:27.0584 0x1194 PptpMiniport - ok
10:24:27.0631 0x1194 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:24:27.0646 0x1194 Processor - ok
10:24:27.0693 0x1194 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
10:24:27.0709 0x1194 ProfSvc - ok
10:24:27.0740 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:24:27.0740 0x1194 ProtectedStorage - ok
10:24:27.0787 0x1194 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:24:27.0818 0x1194 Psched - ok
10:24:27.0927 0x1194 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:24:28.0052 0x1194 ql2300 - ok
10:24:28.0083 0x1194 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:24:28.0099 0x1194 ql40xx - ok
10:24:28.0146 0x1194 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
10:24:28.0161 0x1194 QWAVE - ok
10:24:28.0192 0x1194 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:24:28.0208 0x1194 QWAVEdrv - ok
10:24:28.0239 0x1194 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:24:28.0239 0x1194 RasAcd - ok
10:24:28.0286 0x1194 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:24:28.0302 0x1194 RasAgileVpn - ok
10:24:28.0317 0x1194 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
10:24:28.0333 0x1194 RasAuto - ok
10:24:28.0380 0x1194 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:24:28.0411 0x1194 Rasl2tp - ok
10:24:28.0442 0x1194 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
10:24:28.0489 0x1194 RasMan - ok
10:24:28.0520 0x1194 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:24:28.0536 0x1194 RasPppoe - ok
10:24:28.0582 0x1194 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:24:28.0598 0x1194 RasSstp - ok
10:24:28.0660 0x1194 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:24:28.0707 0x1194 rdbss - ok
10:24:28.0738 0x1194 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:24:28.0738 0x1194 rdpbus - ok
10:24:28.0770 0x1194 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:24:28.0785 0x1194 RDPCDD - ok
10:24:28.0832 0x1194 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:24:28.0848 0x1194 RDPENCDD - ok
10:24:28.0879 0x1194 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:24:28.0894 0x1194 RDPREFMP - ok
10:24:28.0926 0x1194 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:24:28.0957 0x1194 RDPWD - ok
10:24:29.0019 0x1194 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:24:29.0066 0x1194 rdyboost - ok
10:24:29.0097 0x1194 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:24:29.0113 0x1194 RemoteAccess - ok
10:24:29.0144 0x1194 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:24:29.0160 0x1194 RemoteRegistry - ok
10:24:29.0206 0x1194 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:24:29.0238 0x1194 RpcEptMapper - ok
10:24:29.0269 0x1194 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
10:24:29.0284 0x1194 RpcLocator - ok
10:24:29.0347 0x1194 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\System32\rpcss.dll
10:24:29.0362 0x1194 RpcSs - ok
10:24:29.0409 0x1194 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:24:29.0425 0x1194 rspndr - ok
10:24:29.0440 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
10:24:29.0440 0x1194 SamSs - ok
10:24:29.0487 0x1194 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:24:29.0503 0x1194 sbp2port - ok
10:24:29.0550 0x1194 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:24:29.0596 0x1194 SCardSvr - ok
10:24:29.0628 0x1194 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:24:29.0628 0x1194 scfilter - ok
10:24:29.0721 0x1194 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
10:24:29.0784 0x1194 Schedule - ok
10:24:29.0830 0x1194 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:24:29.0830 0x1194 SCPolicySvc - ok
10:24:29.0877 0x1194 [ 3777C449916F72C807CC056624F40C7E, 18D24FD2E4B5F9860624E0D99F5145473559DD078E5D69C4F2689C59655E9897 ] scssifilter C:\Windows\system32\Drivers\scssifilter64.sys
10:24:29.0893 0x1194 scssifilter - ok
10:24:29.0940 0x1194 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:24:29.0971 0x1194 sdbus - ok
10:24:30.0018 0x1194 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:24:30.0064 0x1194 SDRSVC - ok
10:24:30.0111 0x1194 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:24:30.0127 0x1194 secdrv - ok
10:24:30.0174 0x1194 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
10:24:30.0189 0x1194 seclogon - ok
10:24:30.0220 0x1194 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
10:24:30.0220 0x1194 SENS - ok
10:24:30.0283 0x1194 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:24:30.0298 0x1194 SensrSvc - ok
10:24:30.0314 0x1194 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:24:30.0330 0x1194 Serenum - ok
10:24:30.0408 0x1194 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:24:30.0439 0x1194 Serial - ok
10:24:30.0470 0x1194 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:24:30.0486 0x1194 sermouse - ok
10:24:30.0564 0x1194 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
10:24:30.0595 0x1194 SessionEnv - ok
10:24:30.0657 0x1194 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:24:30.0673 0x1194 sffdisk - ok
10:24:30.0704 0x1194 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:24:30.0704 0x1194 sffp_mmc - ok
10:24:30.0720 0x1194 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:24:30.0735 0x1194 sffp_sd - ok
10:24:30.0751 0x1194 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:24:30.0766 0x1194 sfloppy - ok
10:24:30.0813 0x1194 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:24:30.0844 0x1194 SharedAccess - ok
10:24:30.0891 0x1194 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:24:30.0922 0x1194 ShellHWDetection - ok
10:24:30.0954 0x1194 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:24:30.0954 0x1194 SiSRaid2 - ok
10:24:30.0985 0x1194 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:24:31.0000 0x1194 SiSRaid4 - ok
10:24:31.0063 0x1194 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:24:31.0063 0x1194 Smb - ok
10:24:31.0141 0x1194 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:24:31.0156 0x1194 SNMPTRAP - ok
10:24:31.0203 0x1194 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
10:24:31.0203 0x1194 spldr - ok
10:24:31.0266 0x1194 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
10:24:31.0312 0x1194 Spooler - ok
10:24:31.0500 0x1194 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
10:24:31.0718 0x1194 sppsvc - ok
10:24:31.0765 0x1194 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:24:31.0780 0x1194 sppuinotify - ok
10:24:31.0827 0x1194 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:24:31.0858 0x1194 srv - ok
10:24:31.0921 0x1194 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:24:31.0968 0x1194 srv2 - ok
10:24:32.0030 0x1194 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:24:32.0061 0x1194 SrvHsfHDA - ok
10:24:32.0217 0x1194 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:24:32.0295 0x1194 SrvHsfV92 - ok
10:24:32.0389 0x1194 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:24:32.0467 0x1194 SrvHsfWinac - ok
10:24:32.0514 0x1194 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:24:32.0545 0x1194 srvnet - ok
10:24:32.0607 0x1194 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:24:32.0654 0x1194 SSDPSRV - ok
10:24:32.0701 0x1194 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:24:32.0701 0x1194 SstpSvc - ok
10:24:32.0763 0x1194 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:24:32.0779 0x1194 stexstor - ok
10:24:32.0872 0x1194 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
10:24:32.0919 0x1194 stisvc - ok
10:24:32.0997 0x1194 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
10:24:33.0013 0x1194 swenum - ok
10:24:33.0060 0x1194 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
10:24:33.0106 0x1194 swprv - ok
10:24:33.0138 0x1194 [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:24:33.0153 0x1194 SynTP - ok
10:24:33.0278 0x1194 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
10:24:33.0434 0x1194 SysMain - ok
10:24:33.0481 0x1194 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:24:33.0496 0x1194 TabletInputService - ok
10:24:33.0528 0x1194 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
10:24:33.0559 0x1194 TapiSrv - ok
10:24:33.0590 0x1194 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
10:24:33.0590 0x1194 TBS - ok
10:24:33.0730 0x1194 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:24:33.0871 0x1194 Tcpip - ok
10:24:33.0964 0x1194 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:24:33.0996 0x1194 TCPIP6 - ok
10:24:34.0058 0x1194 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:24:34.0089 0x1194 tcpipreg - ok
10:24:34.0152 0x1194 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:24:34.0152 0x1194 TDPIPE - ok
10:24:34.0198 0x1194 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:24:34.0198 0x1194 TDTCP - ok
10:24:34.0245 0x1194 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:24:34.0261 0x1194 tdx - ok
10:24:34.0308 0x1194 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
10:24:34.0323 0x1194 TermDD - ok
10:24:34.0370 0x1194 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
10:24:34.0417 0x1194 TermService - ok
10:24:34.0464 0x1194 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
10:24:34.0464 0x1194 Themes - ok
10:24:34.0495 0x1194 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
10:24:34.0495 0x1194 THREADORDER - ok
10:24:34.0542 0x1194 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
10:24:34.0557 0x1194 TrkWks - ok
10:24:34.0635 0x1194 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:24:34.0682 0x1194 TrustedInstaller - ok
10:24:34.0744 0x1194 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:24:34.0760 0x1194 tssecsrv - ok
10:24:34.0822 0x1194 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:24:34.0838 0x1194 TsUsbFlt - ok
10:24:34.0916 0x1194 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:24:34.0932 0x1194 tunnel - ok
10:24:34.0963 0x1194 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:24:34.0994 0x1194 uagp35 - ok
10:24:35.0041 0x1194 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:24:35.0072 0x1194 udfs - ok
10:24:35.0134 0x1194 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:24:35.0150 0x1194 UI0Detect - ok
10:24:35.0197 0x1194 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:24:35.0212 0x1194 uliagpkx - ok
10:24:35.0259 0x1194 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
10:24:35.0290 0x1194 umbus - ok
10:24:35.0337 0x1194 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:24:35.0353 0x1194 UmPass - ok
10:24:35.0431 0x1194 [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
10:24:35.0509 0x1194 Updater Service - ok
10:24:35.0571 0x1194 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
10:24:35.0602 0x1194 upnphost - ok
10:24:35.0649 0x1194 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:24:35.0680 0x1194 USBAAPL64 - ok
10:24:35.0727 0x1194 [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:24:35.0743 0x1194 usbccgp - ok
10:24:35.0805 0x1194 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:24:35.0836 0x1194 usbcir - ok
10:24:35.0883 0x1194 [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:24:35.0883 0x1194 usbehci - ok
10:24:35.0930 0x1194 [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:24:35.0977 0x1194 usbhub - ok
10:24:36.0008 0x1194 [ 4DF4D5FA8F79269848B15B84D437B0DC, 97AAC0F3E1B6B28C864C2E1DADC40B44DAF7098206A7E4E6BC4F1FAF388EA28C ] usbmp3 C:\Windows\system32\Drivers\usbmp364.sys
10:24:36.0008 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbmp364.sys. md5: 4DF4D5FA8F79269848B15B84D437B0DC, sha256: 97AAC0F3E1B6B28C864C2E1DADC40B44DAF7098206A7E4E6BC4F1FAF388EA28C
10:24:36.0008 0x1194 usbmp3 - detected LockedFile.Multi.Generic ( 1 )
10:24:39.0081 0x1194 Detect skipped due to KSN trusted
10:24:39.0081 0x1194 usbmp3 - ok
10:24:39.0190 0x1194 [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:24:39.0237 0x1194 usbohci - ok
10:24:39.0284 0x1194 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:24:39.0315 0x1194 usbprint - ok
10:24:39.0346 0x1194 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:24:39.0362 0x1194 USBSTOR - ok
10:24:39.0393 0x1194 [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:24:39.0409 0x1194 usbuhci - ok
10:24:39.0471 0x1194 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:24:39.0487 0x1194 usbvideo - ok
10:24:39.0534 0x1194 [ F64DE82B9EC47F79B32F55B303D00FE4, C22918BC121FC9473E061FCA3149C18DCFB7ED8F90CF72648D85258FC4090A21 ] usbvox C:\Windows\system32\Drivers\usbvox64.sys
10:24:39.0534 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbvox64.sys. md5: F64DE82B9EC47F79B32F55B303D00FE4, sha256: C22918BC121FC9473E061FCA3149C18DCFB7ED8F90CF72648D85258FC4090A21
10:24:39.0534 0x1194 usbvox - detected LockedFile.Multi.Generic ( 1 )
10:24:42.0778 0x1194 Detect skipped due to KSN trusted
10:24:42.0778 0x1194 usbvox - ok
10:24:42.0888 0x1194 [ DA6B19F1AD2544A1E1EB351C539173AE, C30AF87F4C680481B79099032F363BD444F57593663FDAB3610B532685B98687 ] usbwav C:\Windows\system32\Drivers\usbwav64.sys
10:24:42.0888 0x1194 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbwav64.sys. md5: DA6B19F1AD2544A1E1EB351C539173AE, sha256: C30AF87F4C680481B79099032F363BD444F57593663FDAB3610B532685B98687
10:24:42.0888 0x1194 usbwav - detected LockedFile.Multi.Generic ( 1 )
10:24:46.0054 0x1194 Detect skipped due to KSN trusted
10:24:46.0054 0x1194 usbwav - ok
10:24:46.0164 0x1194 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
10:24:46.0195 0x1194 UxSms - ok
10:24:46.0226 0x1194 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
10:24:46.0242 0x1194 VaultSvc - ok
10:24:46.0273 0x1194 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:24:46.0304 0x1194 vdrvroot - ok
10:24:46.0382 0x1194 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
10:24:46.0429 0x1194 vds - ok
10:24:46.0460 0x1194 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:24:46.0476 0x1194 vga - ok
10:24:46.0522 0x1194 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:24:46.0538 0x1194 VgaSave - ok
10:24:46.0585 0x1194 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:24:46.0600 0x1194 vhdmp - ok
10:24:46.0647 0x1194 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
10:24:46.0647 0x1194 viaide - ok
10:24:46.0678 0x1194 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:24:46.0694 0x1194 volmgr - ok
10:24:46.0756 0x1194 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:24:46.0788 0x1194 volmgrx - ok
10:24:46.0819 0x1194 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:24:46.0834 0x1194 volsnap - ok
10:24:46.0928 0x1194 [ F8C69EB4CC46FD2681B65212CA20DD97, 290CC81B0F1C6EC26AD445442E1705710CFCCCB68D305205AE03A2DE49A6BEB3 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
10:24:46.0975 0x1194 Vsdatant - ok
10:24:47.0037 0x1194 vsmon - ok
10:24:47.0084 0x1194 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:24:47.0100 0x1194 vsmraid - ok
10:24:47.0224 0x1194 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
10:24:47.0318 0x1194 VSS - ok
10:24:47.0365 0x1194 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:24:47.0380 0x1194 vwifibus - ok
10:24:47.0412 0x1194 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:24:47.0412 0x1194 vwififlt - ok
10:24:47.0458 0x1194 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
10:24:47.0490 0x1194 W32Time - ok
10:24:47.0552 0x1194 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:24:47.0568 0x1194 WacomPen - ok
10:24:47.0646 0x1194 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:24:47.0661 0x1194 WANARP - ok
10:24:47.0692 0x1194 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:24:47.0692 0x1194 Wanarpv6 - ok
10:24:47.0802 0x1194 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:24:47.0895 0x1194 WatAdminSvc - ok
10:24:48.0020 0x1194 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
10:24:48.0114 0x1194 wbengine - ok
10:24:48.0145 0x1194 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:24:48.0176 0x1194 WbioSrvc - ok
10:24:48.0238 0x1194 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:24:48.0270 0x1194 wcncsvc - ok
10:24:48.0316 0x1194 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:24:48.0348 0x1194 WcsPlugInService - ok
10:24:48.0379 0x1194 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:24:48.0394 0x1194 Wd - ok
10:24:48.0457 0x1194 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
10:24:48.0457 0x1194 WDC_SAM - ok
10:24:48.0566 0x1194 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:24:48.0628 0x1194 Wdf01000 - ok
10:24:48.0660 0x1194 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:24:48.0675 0x1194 WdiServiceHost - ok
10:24:48.0706 0x1194 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:24:48.0706 0x1194 WdiSystemHost - ok
10:24:48.0784 0x1194 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
10:24:48.0831 0x1194 WebClient - ok
10:24:48.0894 0x1194 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:24:48.0909 0x1194 Wecsvc - ok
10:24:48.0972 0x1194 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:24:49.0003 0x1194 wercplsupport - ok
10:24:49.0050 0x1194 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
10:24:49.0065 0x1194 WerSvc - ok
10:24:49.0128 0x1194 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:24:49.0128 0x1194 WfpLwf - ok
10:24:49.0206 0x1194 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:24:49.0237 0x1194 WIMMount - ok
10:24:49.0315 0x1194 [ A6EA7A3FC4B00F48535B506DB1E86EFD, B2A28C0438BA679D760FB8B68289D625CF6204DFF8000A285B5CA68417314F65 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:24:49.0346 0x1194 winachsf - ok
10:24:49.0393 0x1194 WinDefend - ok
10:24:49.0471 0x1194 WinHttpAutoProxySvc - ok
10:24:49.0564 0x1194 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:24:49.0627 0x1194 Winmgmt - ok
10:24:49.0752 0x1194 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
10:24:49.0892 0x1194 WinRM - ok
10:24:49.0970 0x1194 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:24:49.0986 0x1194 WinUsb - ok
10:24:50.0064 0x1194 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:24:50.0110 0x1194 Wlansvc - ok
10:24:50.0173 0x1194 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:24:50.0173 0x1194 WmiAcpi - ok
10:24:50.0235 0x1194 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:24:50.0251 0x1194 wmiApSrv - ok
10:24:50.0298 0x1194 WMPNetworkSvc - ok
10:24:50.0329 0x1194 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:24:50.0329 0x1194 WPCSvc - ok
10:24:50.0391 0x1194 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:24:50.0422 0x1194 WPDBusEnum - ok
10:24:50.0469 0x1194 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:24:50.0469 0x1194 ws2ifsl - ok
10:24:50.0516 0x1194 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
10:24:50.0532 0x1194 wscsvc - ok
10:24:50.0547 0x1194 WSearch - ok
10:24:50.0719 0x1194 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
10:24:50.0844 0x1194 wuauserv - ok
10:24:50.0890 0x1194 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:24:50.0922 0x1194 WudfPf - ok
10:24:50.0984 0x1194 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:24:51.0000 0x1194 WUDFRd - ok
10:24:51.0031 0x1194 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:24:51.0046 0x1194 wudfsvc - ok
10:24:51.0109 0x1194 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:24:51.0187 0x1194 WwanSvc - ok
10:24:51.0218 0x1194 [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
10:24:51.0234 0x1194 XAudio - ok
10:24:51.0280 0x1194 [ 79D9CE9614C955DD31AA2556B4014662, 2692681268A5DEE2E07B0F848D76B330CD3AB065451EC9E35653066015EEF135 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:24:51.0312 0x1194 yukonw7 - ok
10:24:51.0374 0x1194 [ F0814A5318A534E4742F5358DF59F3AD, 4A8877987D9DFAD57AF409D9C35EAF480D5260730E392EF3CFA9725F46640086 ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
10:24:51.0405 0x1194 ZAPrivacyService - ok
10:24:51.0452 0x1194 ================ Scan global ===============================
10:24:51.0468 0x1194 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:24:51.0514 0x1194 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:24:51.0546 0x1194 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:24:51.0561 0x1194 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:24:51.0608 0x1194 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:24:51.0608 0x1194 [ Global ] - ok
10:24:51.0608 0x1194 ================ Scan MBR ==================================
10:24:51.0624 0x1194 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:24:51.0920 0x1194 \Device\Harddisk0\DR0 - ok
10:24:51.0936 0x1194 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:24:51.0951 0x1194 \Device\Harddisk1\DR1 - ok
10:24:51.0951 0x1194 ================ Scan VBR ==================================
10:24:51.0967 0x1194 [ 53F71214507A7B052DB9238ACE10B1D1 ] \Device\Harddisk0\DR0\Partition1
10:24:51.0967 0x1194 \Device\Harddisk0\DR0\Partition1 - ok
10:24:51.0998 0x1194 [ DADF4039FE0288C55C5CA5BBC725574C ] \Device\Harddisk0\DR0\Partition2
10:24:51.0998 0x1194 \Device\Harddisk0\DR0\Partition2 - ok
10:24:51.0998 0x1194 [ 0BABCB918F5B424B7EB187052A408E88 ] \Device\Harddisk1\DR1\Partition1
10:24:51.0998 0x1194 \Device\Harddisk1\DR1\Partition1 - ok
10:24:51.0998 0x1194 Waiting for KSN requests completion. In queue: 54
10:24:53.0012 0x1194 Waiting for KSN requests completion. In queue: 54
10:24:54.0026 0x1194 Waiting for KSN requests completion. In queue: 54
10:24:55.0040 0x1194 Waiting for KSN requests completion. In queue: 14
10:24:56.0319 0x1194 AV detected via SS2: ZoneAlarm Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 12.0.104.0 ), 0x41000 ( enabled : updated )
10:24:56.0335 0x1194 FW detected via SS2: ZoneAlarm Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 12.0.104.0 ), 0x41010 ( enabled )
10:24:59.0236 0x1194 ============================================================
10:24:59.0236 0x1194 Scan finished
10:24:59.0236 0x1194 ============================================================
10:24:59.0252 0x0c3c Detected object count: 0
10:24:59.0252 0x0c3c Actual detected object count: 0
Register to Remove
#11
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 03 February 2014 - 10:01 AM
Hi leafaninottawa,
Show Hidden Files & Folders in Windows 7
VirusTotal
Please go to: VirusTotal
=========================
Re-hide Hidden files & Folders
In your next post please provide the following:
Show Hidden Files & Folders in Windows 7- To show hidden files, just click on the Organize button in any folder, and then select Folder and Search Options from the menu.
- Click the View tab, and then you should select Show hidden files and folders in the list.
- Then click OK.
VirusTotal Please go to: VirusTotal
- Click the Browse button and search for the following files: (one at a time)
c:\windows\system32\mutex-Threads.exe
c:\windows\system32\latch-Threads.exe
c:\windows\system32\idle-Threads.exe - Click Open
- Then click Send File
- Please be patient while the file is scanned.
- Once the scan results appear, please provide them in your next reply.
=========================
Re-hide Hidden files & Folders
In your next post please provide the following:
- Virus Total results
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#12
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 03 February 2014 - 10:23 AM
these files are not in the system32 folder
#13
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 03 February 2014 - 11:09 AM
Hi leafaninottawa,
these files are not in the system32 folder
=========================
Delete the copy of ComboFix you have on your computer.
Reboot, then download a new copy and save it to your Desktop. (location is important)
Your previous copy was not run from the desktop.
Running from: c:\users\Easyhome\Downloads\ComboFix.exe
========================= ComboFix
Refer to the ComboFix User's Guide
- Download ComboFix from the following location:
Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here - Double click on ComboFix.exe & follow the prompts.
- Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
- When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
--------------------------------------------------------------------------------------------- - Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following:- ComboFix.txt
- Any update on symptoms?
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#14
leafaninottawa
-
- Authentic Member
-
- 18 posts
New Member
Posted 03 February 2014 - 05:24 PM
here is the ComboFix log
ComboFix 13-12-24.02 - Easyhome 03/02/2014 18:03:38.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4091.1995 [GMT -5:00]
Running from: c:\users\Easyhome\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft Corporation\Microsoft® Windows® Operating System
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.Net Semaphore
.
.
((((((((((((((((((((((((( Files Created from 2014-01-03 to 2014-02-03 )))))))))))))))))))))))))))))))
.
.
2014-02-03 23:12 . 2014-02-03 23:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-03 23:12 . 2014-02-03 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-03 05:37 . 2014-02-03 05:55 -------- d-----w- c:\users\Easyhome\AppData\Local\Microsoft Games
2014-02-02 05:20 . 2014-02-02 05:20 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2014-02-02 05:10 . 2014-02-03 23:12 -------- d-----w- c:\programdata\Microsoft Corporation
2014-01-16 12:54 . 2014-01-16 12:54 -------- d-----w- c:\users\Easyhome\AppData\Local\ElevatedDiagnostics
2014-01-16 10:40 . 2014-01-16 10:40 -------- d-----w- c:\users\Easyhome\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-23 20:15 . 2013-12-23 20:15 640957 ----a-w- c:\windows\unins000.exe
2013-12-22 04:05 . 2013-12-22 04:05 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-17 23:36 . 2013-12-17 23:36 597104 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2013-12-17 17:14 . 2012-02-22 03:35 126976 ------w- c:\windows\system32\Interop.SHDocVw.dll
2013-12-17 17:13 . 2012-02-22 03:35 18928 ------r- c:\windows\system32\drivers\scssifilter64.sys
2013-12-17 14:22 . 2013-12-17 14:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-17 14:22 . 2013-12-17 14:22 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 14:22 . 2013-12-17 14:22 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-17 14:22 . 2013-12-17 14:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-17 14:22 . 2013-12-17 14:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-17 14:22 . 2013-12-17 14:22 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 14:22 . 2013-12-17 14:22 855552 ----a-w- c:\windows\system32\jscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-17 14:22 . 2013-12-17 14:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-17 14:22 . 2013-12-17 14:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-12-17 14:22 . 2013-12-17 14:22 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-12-17 14:22 . 2013-12-17 14:22 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-17 14:22 . 2013-12-17 14:22 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-17 14:22 . 2013-12-17 14:22 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-12-17 14:22 . 2013-12-17 14:22 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-12-17 14:22 . 2013-12-17 14:22 526336 ----a-w- c:\windows\system32\ieui.dll
2013-12-17 14:22 . 2013-12-17 14:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-17 14:22 . 2013-12-17 14:22 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-12-17 14:22 . 2013-12-17 14:22 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-17 14:22 . 2013-12-17 14:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-17 14:22 . 2013-12-17 14:22 441856 ----a-w- c:\windows\system32\html.iec
2013-12-17 14:22 . 2013-12-17 14:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-12-17 14:22 . 2013-12-17 14:22 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-17 14:22 . 2013-12-17 14:22 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-17 14:22 . 2013-12-17 14:22 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-17 14:22 . 2013-12-17 14:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-17 14:22 . 2013-12-17 14:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-17 14:22 . 2013-12-17 14:22 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-12-17 14:22 . 2013-12-17 14:22 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-12-17 14:22 . 2013-12-17 14:22 235008 ----a-w- c:\windows\system32\url.dll
2013-12-17 14:22 . 2013-12-17 14:22 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-12-17 14:22 . 2013-12-17 14:22 216064 ----a-w- c:\windows\system32\msls31.dll
2013-12-17 14:22 . 2013-12-17 14:22 197120 ----a-w- c:\windows\system32\msrating.dll
2013-12-17 14:22 . 2013-12-17 14:22 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-17 14:22 . 2013-12-17 14:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-12-17 14:22 . 2013-12-17 14:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-17 14:22 . 2013-12-17 14:22 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-17 14:22 . 2013-12-17 14:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-17 14:22 . 2013-12-17 14:22 149504 ----a-w- c:\windows\system32\occache.dll
2013-12-17 14:22 . 2013-12-17 14:22 144896 ----a-w- c:\windows\system32\wextract.exe
2013-12-17 14:22 . 2013-12-17 14:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-17 14:22 . 2013-12-17 14:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-17 14:22 . 2013-12-17 14:22 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-17 14:22 . 2013-12-17 14:22 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-12-17 14:22 . 2013-12-17 14:22 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-12-17 14:22 . 2013-12-17 14:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-17 14:22 . 2013-12-17 14:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-17 14:22 . 2013-12-17 14:22 102912 ----a-w- c:\windows\system32\inseng.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-17 14:20 . 2013-12-17 14:20 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-17 14:20 . 2013-12-17 14:20 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-12-17 14:20 . 2013-12-17 14:20 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-17 14:20 . 2013-12-17 14:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-02-22 03:59 405504 --sha-r- c:\windows\System32\vshadow.exe
2012-02-22 03:59 364032 --sha-r- c:\windows\System32\vshadowamd64.exe
2012-02-22 03:59 352256 --sha-r- c:\windows\System32\vshadowXP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"CloudSystemBooster"="c:\program files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" [2013-12-24 527544]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2012-02-22 600688]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-10-21 1636536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;c:\windows\system32\mutex-Threads.exe;c:\windows\SYSNATIVE\mutex-Threads.exe [x]
R2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;c:\windows\system32\latch-Threads.exe;c:\windows\SYSNATIVE\latch-Threads.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 scssifilter;scssifilter;c:\windows\system32\Drivers\scssifilter64.sys;c:\windows\SYSNATIVE\Drivers\scssifilter64.sys [x]
S0 usbmp3;usbmp3;c:\windows\system32\Drivers\usbmp364.sys;c:\windows\SYSNATIVE\Drivers\usbmp364.sys [x]
S0 usbvox;usbvox;c:\windows\system32\Drivers\usbvox64.sys;c:\windows\SYSNATIVE\Drivers\usbvox64.sys [x]
S0 usbwav;usbwav;c:\windows\system32\Drivers\usbwav64.sys;c:\windows\SYSNATIVE\Drivers\usbwav64.sys [x]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 .Net Main;Microsoft.NET Framework Kernel x2.0c;c:\windows\system32\idle-Threads.exe;c:\windows\SYSNATIVE\idle-Threads.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe;c:\program files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [x]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 13:38 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000Core.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559462982-4009010215-310766029-1000UA.job
- c:\users\Easyhome\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16 01:06]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-13 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-29 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2012-02-22 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-22 823840]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21983
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.entru.com/?s=21983
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b5,f4,bc,f4,a5,12,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,39,38,90,d3,91,e4,41,86,8c,2a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2014-02-03 18:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-03 23:21
ComboFix2.txt 2014-02-02 05:27
ComboFix3.txt 2013-12-25 14:43
ComboFix4.txt 2013-12-13 22:45
.
Pre-Run: 182,074,732,544 bytes free
Post-Run: 182,017,921,024 bytes free
.
- - End Of File - - 98DCD50DEB48FBE83E453EEB6D936CB2
A36C5E4F47E84449FF07ED3517B43A31
#15
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 03 February 2014 - 07:28 PM
Hi leafaninottawa,
AdwCleaner v3: Scan & Clean
Junkware Removal Tool
Download Junkware Removal Tool to your desktop.
Re-run OTL (it should be located on your desktop).
In your next post please provide the following:
AdwCleaner v3: Scan & Clean- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
- Click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that log file in your next reply.
- A copy of that log file will also be saved in the C:\AdwCleaner folder.
Junkware Removal ToolDownload Junkware Removal Tool to your desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Shut down your protection software now to avoid potential conflicts.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Re-run OTL (it should be located on your desktop).- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
- Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Uncheck the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:
- AdwCleaner[S0].txt
- JRT.txt
- OTL.txt
- Describe what symptoms you are experiencing.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
