
odizidiablatochrit.exe [Solved]

malware

  • This topic is locked
62 replies to this topic

#1 Macaroni

  • Authentic Member
  • 45 posts

Posted 16 November 2014 - 06:19 AM

Hi all,

on my other PC (running W7) I have a recurring problem with this thing. AVG popup repeatedly tells me it has been removed but it keeps coming back. There's a folder in "Program files (X86)" containing the .exe. When I run a deliberate scan on the folder using AVG it tells me there's nothing amiss.

So frustrated that I can't get rid of the thing - any help out there please?

I have another problem that I'll post here separately, just to keep the threads manageable.

Cheers

DB




#2 Satchfan

  • SuperHelper
  • Malware Team
  • 6,753 posts
  • Interests: LFC, music, more LFC, more music

Posted 16 November 2014 - 05:13 PM

Hello Macaroni and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download one of these to your desktop:



for a 32-bit system download this version.
for 64-bit use this one.

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 Satchfan

  • SuperHelper
  • Malware Team
  • 6,753 posts
  • Interests: LFC, music, more LFC, more music

Posted 17 November 2014 - 04:28 AM

My apologies; bad link.

Download from here

 



#4 Macaroni

  • Authentic Member
  • 45 posts

Posted 17 November 2014 - 03:40 PM

Thanks for taking this on Satchfan; might be some time between my posts but I've no doubt we'll get there

DB

 

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Scan -- Date : 11/17/2014  21:23:45

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] RogueKillerX64.exe -- C:\Users\Owner\Desktop\RogueKillerX64.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 26 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Found
[ZeroAccess] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update??❤ : "C:\Users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\❤≸⋙\Ⱒ☠⍨\?ﯹ๛\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\GoogleUpdate.exe" >  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Run | Obrona Block Ads : "C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden  -> Found
[ZeroAccess] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update??❤ : "C:\Users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\❤≸⋙\Ⱒ☠⍨\?ﯹ๛\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\GoogleUpdate.exe" >  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Run | Obrona Block Ads : "C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BrowserDefendert (C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BrowserDefendert (C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BrowserDefendert (C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GlobalUpdater (C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SProtection (C:\Program Files (x86)\Common Files\Umbrella\Umbrella219.exe) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] MySearchDial.job -- C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \\MySearchDial -- C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Owner\AppData\Local\Google\Desktop\Install -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] eb3b756890eb70b7b6f32b76479de702
[BSP] d696b006648b4c2707b03aaba70d3b53 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 230000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471246848 | Size: 246837 MB
User = LL1 ... OK
User = LL2 ... OK
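
A triage sketch for a RogueKiller report laid out like the one in the post above (an added example, not part of the original thread and not Adlice's code). It parses the `¤¤¤` sections, collapses findings that are listed once per registry view (X64 and X86), and flags Run-key entries whose value name or target path contains non-ASCII characters; that heuristic, the function names, and the sample lines with their placeholder SID and GUIDs are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of a RogueKiller report.
# The SID and GUIDs are placeholders, not values from a real machine.
SAMPLE_REPORT = r"""
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001} -> Found
[ZeroAccess] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update??❤ : "C:\Users\Owner\AppData\Local\Google\Desktop\Install\{00000000-0000-0000-0000-000000000002}\❤≸⋙\GoogleUpdate.exe" >  -> Found
[ZeroAccess] (X86) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google Update??❤ : "C:\Users\Owner\AppData\Local\Google\Desktop\Install\{00000000-0000-0000-0000-000000000002}\❤≸⋙\GoogleUpdate.exe" >  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run | Obrona Block Ads : "C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run | Obrona Block Ads : "C:\Users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" --hidden  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] MySearchDial.job -- C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Owner\AppData\Local\Google\Desktop\Install -> Found
"""

# "¤¤¤ Registry : 26 ¤¤¤" -> section name "Registry"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:")
# "[Tag][Tag] (X64) <body> -> <status>"; the registry view is optional
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*"
    r"(?:\((?P<view>X64|X86)\)\s*)?"
    r"(?P<body>.*?)\s*->\s*(?P<status>\S.*)$"
)
# Autorun keys: ...\CurrentVersion\Run or RunOnce followed by "| value : data"
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\s*\|", re.IGNORECASE)


def parse_report(text):
    """Return one dict per finding line, tagged with its report section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:  # lines without "->" (MBR hashes, partition table) are skipped
            findings.append({
                "section": section,
                "tags": re.findall(r"\[([^\]]+)\]", m.group("tags")),
                "view": m.group("view"),
                "body": m.group("body"),
                "status": m.group("status").strip(),
            })
    return findings


def unique_findings(findings):
    """Merge entries that differ only by registry view (X64 / X86)."""
    merged = {}
    for f in findings:
        key = (f["section"], tuple(f["tags"]), f["body"])
        entry = merged.setdefault(key, {**f, "views": []})
        if f["view"] and f["view"] not in entry["views"]:
            entry["views"].append(f["view"])
    return list(merged.values())


def tag_counts(findings):
    """Count findings by their first detection tag."""
    return Counter(f["tags"][0] for f in findings)


def odd_autoruns(findings):
    """Run/RunOnce values containing non-ASCII characters.

    Heuristic of this example only: localized software names can also
    trigger it, so treat a hit as a reason to look, not as a verdict.
    """
    hits = []
    for f in findings:
        if f["section"] != "Registry" or not RUN_KEY_RE.search(f["body"]):
            continue
        _, _, value = f["body"].partition("|")
        if any(ord(ch) > 127 for ch in value):
            hits.append(value.strip())
    return hits


if __name__ == "__main__":
    unique = unique_findings(parse_report(SAMPLE_REPORT))
    for tag, n in tag_counts(unique).most_common():
        print(f"{tag}: {n}")
    for value in odd_autoruns(unique):
        print("review autorun:", value)
```
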
 



#5 Satchfan

  • SuperHelper
  • Malware Team
  • 6,753 posts
  • Interests: LFC, music, more LFC, more music

Posted 17 November 2014 - 04:05 PM

Hi

There appears to be some bad stuff on there but we’ll need a further look.

Please re-run RogueKiller and when the scan is finished, press Delete.

======================================================

Please run these in the order requested.

Run TDSSKiller

Please download TDSSKiller.zip

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
    • only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
    • then click Continue > Reboot now
  • copy and paste the log in your next reply.
    • A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Download and run ComboFix

Download Combofix from the link below, and save it to your desktop.  

Link 1

Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • when finished, it will produce a report for you.  
  • please post the C:\ComboFix.txt in your next post.

Please also remember to include the TDSSKiller log and the RogueKiller log

Thanks

Satchfan
 

 



#6 Macaroni

  • Authentic Member
  • 45 posts

Posted 18 November 2014 - 02:57 PM

Hi again,

the link to TDSSkiller seems not to be working, my browser returns an error, perhaps you have another link?

Thanks

DB



#7 Satchfan

  • SuperHelper
  • Malware Team
  • 6,753 posts
  • Interests: LFC, music, more LFC, more music

Posted 18 November 2014 - 04:27 PM

The link works OK for me.

 

Try this one.



#8 Macaroni

  • Authentic Member
  • 45 posts

Posted 18 November 2014 - 04:43 PM

Thanks, working now. Apparently nothing to report with TDSSkiller

 

22:40:36.0161 0x1c0c  Dnscache - ok
22:40:36.0194 0x1c0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:40:36.0203 0x1c0c  dot3svc - ok
22:40:36.0223 0x1c0c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:40:36.0247 0x1c0c  dot4 - ok
22:40:36.0262 0x1c0c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
22:40:36.0264 0x1c0c  Dot4Print - ok
22:40:36.0286 0x1c0c  [ 488669CD1CD3BDCFDD9A5FDA72209069, CCB6BCB23A30CFD016E4086ED010A0E9DA647D3FAD9724200A29938D2B79A3C0 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
22:40:36.0301 0x1c0c  Dot4Scan - ok
22:40:36.0318 0x1c0c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:40:36.0321 0x1c0c  dot4usb - ok
22:40:36.0358 0x1c0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:40:36.0365 0x1c0c  DPS - ok
22:40:36.0400 0x1c0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:40:36.0413 0x1c0c  drmkaud - ok
22:40:36.0479 0x1c0c  [ 1ED08A6264C5C92099D6D1DAE5E8F530, 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA ] DrvAgent64      C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
22:40:36.0481 0x1c0c  DrvAgent64 - ok
22:40:36.0539 0x1c0c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:40:36.0606 0x1c0c  DXGKrnl - ok
22:40:36.0635 0x1c0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:40:36.0638 0x1c0c  EapHost - ok
22:40:36.0740 0x1c0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:40:36.0850 0x1c0c  ebdrv - ok
22:40:36.0878 0x1c0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
22:40:36.0881 0x1c0c  EFS - ok
22:40:36.0943 0x1c0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:40:36.0969 0x1c0c  ehRecvr - ok
22:40:36.0991 0x1c0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:40:37.0008 0x1c0c  ehSched - ok
22:40:37.0052 0x1c0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:40:37.0069 0x1c0c  elxstor - ok
22:40:37.0089 0x1c0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:40:37.0090 0x1c0c  ErrDev - ok
22:40:37.0144 0x1c0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:40:37.0153 0x1c0c  EventSystem - ok
22:40:37.0170 0x1c0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:40:37.0175 0x1c0c  exfat - ok
22:40:37.0194 0x1c0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:40:37.0199 0x1c0c  fastfat - ok
22:40:37.0264 0x1c0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:40:37.0295 0x1c0c  Fax - ok
22:40:37.0319 0x1c0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:40:37.0321 0x1c0c  fdc - ok
22:40:37.0337 0x1c0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:40:37.0339 0x1c0c  fdPHost - ok
22:40:37.0353 0x1c0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:40:37.0355 0x1c0c  FDResPub - ok
22:40:37.0369 0x1c0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:40:37.0372 0x1c0c  FileInfo - ok
22:40:37.0383 0x1c0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:40:37.0385 0x1c0c  Filetrace - ok
22:40:37.0399 0x1c0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:37.0401 0x1c0c  flpydisk - ok
22:40:37.0444 0x1c0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:40:37.0452 0x1c0c  FltMgr - ok
22:40:37.0518 0x1c0c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
22:40:37.0567 0x1c0c  FontCache - ok
22:40:37.0613 0x1c0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:37.0615 0x1c0c  FontCache3.0.0.0 - ok
22:40:37.0631 0x1c0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:40:37.0635 0x1c0c  FsDepends - ok
22:40:37.0665 0x1c0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:40:37.0701 0x1c0c  Fs_Rec - ok
22:40:37.0755 0x1c0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:40:37.0783 0x1c0c  fvevol - ok
22:40:37.0810 0x1c0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:40:37.0813 0x1c0c  gagp30kx - ok
22:40:37.0879 0x1c0c  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
22:40:37.0881 0x1c0c  GoogleDesktopManager-051210-111108 - ok
22:40:37.0942 0x1c0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:40:37.0965 0x1c0c  gpsvc - ok
22:40:38.0015 0x1c0c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:38.0019 0x1c0c  gupdate - ok
22:40:38.0032 0x1c0c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:40:38.0035 0x1c0c  gupdatem - ok
22:40:38.0065 0x1c0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:40:38.0068 0x1c0c  hcw85cir - ok
22:40:38.0110 0x1c0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:38.0127 0x1c0c  HdAudAddService - ok
22:40:38.0142 0x1c0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:40:38.0146 0x1c0c  HDAudBus - ok
22:40:38.0159 0x1c0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:40:38.0161 0x1c0c  HidBatt - ok
22:40:38.0178 0x1c0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:40:38.0181 0x1c0c  HidBth - ok
22:40:38.0210 0x1c0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:40:38.0212 0x1c0c  HidIr - ok
22:40:38.0236 0x1c0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:40:38.0239 0x1c0c  hidserv - ok
22:40:38.0279 0x1c0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:40:38.0293 0x1c0c  HidUsb - ok
22:40:38.0337 0x1c0c  [ DD9C88B116408B30F855A76E09DD2962, CF66FAA8281404620FBC7122ADEE65795BAB10B1D9588EA21DF1D83460184512 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
22:40:38.0339 0x1c0c  hitmanpro37 - ok
22:40:38.0387 0x1c0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:40:38.0392 0x1c0c  hkmsvc - ok
22:40:38.0431 0x1c0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:38.0440 0x1c0c  HomeGroupListener - ok
22:40:38.0469 0x1c0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:38.0477 0x1c0c  HomeGroupProvider - ok
22:40:38.0507 0x1c0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:40:38.0511 0x1c0c  HpSAMD - ok
22:40:38.0561 0x1c0c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:40:38.0595 0x1c0c  HTTP - ok
22:40:38.0621 0x1c0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:40:38.0622 0x1c0c  hwpolicy - ok
22:40:38.0647 0x1c0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:40:38.0651 0x1c0c  i8042prt - ok
22:40:38.0692 0x1c0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:40:38.0707 0x1c0c  iaStorV - ok
22:40:38.0854 0x1c0c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:38.0886 0x1c0c  idsvc - ok
22:40:38.0924 0x1c0c  IEEtwCollectorService - ok
22:40:39.0076 0x1c0c  [ 348214F96642FD4FEF630DE021BA3540, B6A7D2EA41F6866F5AFF5022BB459E5AFF683FF2FF470B84F3E911C8AEC47C30 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:40:39.0388 0x1c0c  igfx - ok
22:40:39.0418 0x1c0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:40:39.0420 0x1c0c  iirsp - ok
22:40:39.0481 0x1c0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:40:39.0503 0x1c0c  IKEEXT - ok
22:40:39.0517 0x1c0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:40:39.0518 0x1c0c  intelide - ok
22:40:39.0538 0x1c0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:40:39.0540 0x1c0c  intelppm - ok
22:40:39.0565 0x1c0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:40:39.0569 0x1c0c  IPBusEnum - ok
22:40:39.0591 0x1c0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:39.0593 0x1c0c  IpFilterDriver - ok
22:40:39.0649 0x1c0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:40:39.0683 0x1c0c  iphlpsvc - ok
22:40:39.0708 0x1c0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:40:39.0710 0x1c0c  IPMIDRV - ok
22:40:39.0722 0x1c0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:40:39.0727 0x1c0c  IPNAT - ok
22:40:39.0743 0x1c0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:40:39.0745 0x1c0c  IRENUM - ok
22:40:39.0766 0x1c0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:40:39.0768 0x1c0c  isapnp - ok
22:40:39.0796 0x1c0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:40:39.0805 0x1c0c  iScsiPrt - ok
22:40:39.0820 0x1c0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:39.0822 0x1c0c  kbdclass - ok
22:40:39.0874 0x1c0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:40:39.0877 0x1c0c  kbdhid - ok
22:40:39.0887 0x1c0c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
22:40:39.0889 0x1c0c  KeyIso - ok
22:40:39.0921 0x1c0c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:40:39.0925 0x1c0c  KSecDD - ok
22:40:39.0958 0x1c0c  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:40:39.0964 0x1c0c  KSecPkg - ok
22:40:39.0984 0x1c0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:40:39.0986 0x1c0c  ksthunk - ok
22:40:40.0017 0x1c0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:40:40.0034 0x1c0c  KtmRm - ok
22:40:40.0065 0x1c0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:40:40.0074 0x1c0c  LanmanServer - ok
22:40:40.0103 0x1c0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:40:40.0109 0x1c0c  LanmanWorkstation - ok
22:40:40.0139 0x1c0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:40:40.0141 0x1c0c  lltdio - ok
22:40:40.0169 0x1c0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:40:40.0179 0x1c0c  lltdsvc - ok
22:40:40.0193 0x1c0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:40:40.0195 0x1c0c  lmhosts - ok
22:40:40.0248 0x1c0c  [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:40:40.0263 0x1c0c  LMS - ok
22:40:40.0315 0x1c0c  [ 99468F9F7323DFC85DDFDD37ED4CBF50, 8A10C04EE3E50CAF81C9AC3600B21AAA8F265AE9FB7020AC44AC4C755DFCF572 ] lsdprn          C:\Windows\SysWOW64\lsdprn.exe
22:40:40.0460 0x1c0c  lsdprn - ok
22:40:40.0489 0x1c0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:40:40.0494 0x1c0c  LSI_FC - ok
22:40:40.0506 0x1c0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:40:40.0511 0x1c0c  LSI_SAS - ok
22:40:40.0527 0x1c0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:40:40.0531 0x1c0c  LSI_SAS2 - ok
22:40:40.0545 0x1c0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:40:40.0550 0x1c0c  LSI_SCSI - ok
22:40:40.0574 0x1c0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:40:40.0579 0x1c0c  luafv - ok
22:40:40.0659 0x1c0c  [ 1704A8189EE5580AB147CFD25C5C8770, DFA076FD36B5CC844D4BE3B865E9A1F809E14CCB1D78D82A2D8D8EE38210E6EB ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
22:40:40.0670 0x1c0c  McComponentHostService - ok
22:40:40.0723 0x1c0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:40:40.0728 0x1c0c  Mcx2Svc - ok
22:40:40.0744 0x1c0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:40:40.0746 0x1c0c  megasas - ok
22:40:40.0775 0x1c0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:40:40.0785 0x1c0c  MegaSR - ok
22:40:40.0824 0x1c0c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:40:40.0827 0x1c0c  MEIx64 - ok
22:40:40.0877 0x1c0c  Microsoft SharePoint Workspace Audit Service - ok
22:40:40.0905 0x1c0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:40:40.0909 0x1c0c  MMCSS - ok
22:40:40.0920 0x1c0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:40:40.0922 0x1c0c  Modem - ok
22:40:40.0940 0x1c0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:40:40.0942 0x1c0c  monitor - ok
22:40:40.0973 0x1c0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:40:40.0976 0x1c0c  mouclass - ok
22:40:40.0999 0x1c0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:40:41.0001 0x1c0c  mouhid - ok
22:40:41.0026 0x1c0c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:40:41.0030 0x1c0c  mountmgr - ok
22:40:41.0102 0x1c0c  [ DFCD29AB147716CA72416FA7D2196D46, ED60BF354347697F69A78C9FBE1ADCBE0C3EB4C2CC8DB97A7FA03A68BD796066 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:40:41.0107 0x1c0c  MozillaMaintenance - ok
22:40:41.0135 0x1c0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:40:41.0141 0x1c0c  mpio - ok
22:40:41.0163 0x1c0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:40:41.0167 0x1c0c  mpsdrv - ok
22:40:41.0229 0x1c0c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:40:41.0262 0x1c0c  MpsSvc - ok
22:40:41.0297 0x1c0c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:40:41.0303 0x1c0c  MRxDAV - ok
22:40:41.0327 0x1c0c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:41.0333 0x1c0c  mrxsmb - ok
22:40:41.0340 0x25b0  Object send P2P result: true
22:40:41.0349 0x1c0c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:41.0359 0x1c0c  mrxsmb10 - ok
22:40:41.0381 0x1c0c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:41.0384 0x1c0c  mrxsmb20 - ok
22:40:41.0406 0x1c0c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:40:41.0428 0x1c0c  msahci - ok
22:40:41.0456 0x1c0c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:40:41.0462 0x1c0c  msdsm - ok
22:40:41.0471 0x1c0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:40:41.0476 0x1c0c  MSDTC - ok
22:40:41.0495 0x1c0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:40:41.0497 0x1c0c  Msfs - ok
22:40:41.0516 0x1c0c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:40:41.0518 0x1c0c  mshidkmdf - ok
22:40:41.0539 0x1c0c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:40:41.0540 0x1c0c  msisadrv - ok
22:40:41.0566 0x1c0c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:40:41.0573 0x1c0c  MSiSCSI - ok
22:40:41.0577 0x1c0c  msiserver - ok
22:40:41.0597 0x1c0c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:40:41.0599 0x1c0c  MSKSSRV - ok
22:40:41.0611 0x1c0c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:41.0613 0x1c0c  MSPCLOCK - ok
22:40:41.0621 0x1c0c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:40:41.0622 0x1c0c  MSPQM - ok
22:40:41.0665 0x1c0c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:40:41.0681 0x1c0c  MsRPC - ok
22:40:41.0705 0x1c0c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:40:41.0707 0x1c0c  mssmbios - ok
22:40:41.0717 0x1c0c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:40:41.0718 0x1c0c  MSTEE - ok
22:40:41.0734 0x1c0c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:40:41.0736 0x1c0c  MTConfig - ok
22:40:41.0757 0x1c0c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:40:41.0760 0x1c0c  Mup - ok
22:40:41.0795 0x1c0c  [ 2C0556FA4D6B67A98A9BAE025AC67CCF, A9EB97D304EEDC210B4B3AF90E9F15EC578F7A02119881D0CA80144D6B3D3D72 ] NalServ         C:\Windows\SysWOW64\nalserv.exe
22:40:41.0801 0x1c0c  NalServ - ok
22:40:41.0839 0x1c0c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:40:41.0864 0x1c0c  napagent - ok
22:40:41.0903 0x1c0c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:40:41.0913 0x1c0c  NativeWifiP - ok
22:40:41.0986 0x1c0c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:40:42.0028 0x1c0c  NDIS - ok
22:40:42.0047 0x1c0c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:42.0050 0x1c0c  NdisCap - ok
22:40:42.0075 0x1c0c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:42.0077 0x1c0c  NdisTapi - ok
22:40:43.0011 0x1c0c  [ 454779C05D197488DFCB09BF3B48DA12, 07E4F7B26581662FB014E6158E6325C55AA7430072AB14C30049128D67B62637 ] Odizidiablatochrit C:\Program Files (x86)\Odizidiablatochrit\Odizidiablatochrit.exe
22:40:43.0396 0x1c0c  Odizidiablatochrit - ok
22:40:49.0846 0x1c0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:40:49.0856 0x1c0c  W32Time - ok
22:40:49.0881 0x1c0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:40:49.0882 0x1c0c  WacomPen - ok
22:40:49.0926 0x1c0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:40:49.0929 0x1c0c  WANARP - ok
22:40:49.0933 0x1c0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:40:49.0935 0x1c0c  Wanarpv6 - ok
22:40:49.0988 0x1c0c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:40:50.0021 0x1c0c  WatAdminSvc - ok
22:40:50.0083 0x1c0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:40:50.0141 0x1c0c  wbengine - ok
22:40:50.0171 0x1c0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:40:50.0176 0x1c0c  WbioSrvc - ok
22:40:50.0206 0x1c0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:40:50.0216 0x1c0c  wcncsvc - ok
22:40:50.0229 0x1c0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:40:50.0232 0x1c0c  WcsPlugInService - ok
22:40:50.0251 0x1c0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:40:50.0253 0x1c0c  Wd - ok
22:40:50.0302 0x1c0c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:40:50.0327 0x1c0c  Wdf01000 - ok
22:40:50.0346 0x1c0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:40:50.0349 0x1c0c  WdiServiceHost - ok
22:40:50.0354 0x1c0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:40:50.0357 0x1c0c  WdiSystemHost - ok
22:40:50.0384 0x1c0c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:40:50.0392 0x1c0c  WebClient - ok
22:40:50.0420 0x1c0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:40:50.0427 0x1c0c  Wecsvc - ok
22:40:50.0440 0x1c0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:40:50.0443 0x1c0c  wercplsupport - ok
22:40:50.0462 0x1c0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:40:50.0465 0x1c0c  WerSvc - ok
22:40:50.0493 0x1c0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:50.0495 0x1c0c  WfpLwf - ok
22:40:50.0502 0x1c0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:40:50.0504 0x1c0c  WIMMount - ok
22:40:50.0524 0x1c0c  WinDefend - ok
22:40:50.0537 0x1c0c  WinHttpAutoProxySvc - ok
22:40:50.0586 0x1c0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:40:50.0602 0x1c0c  Winmgmt - ok
22:40:50.0810 0x1c0c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:40:50.0915 0x1c0c  WinRM - ok
22:40:51.0086 0x1c0c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:40:51.0088 0x1c0c  WinUsb - ok
22:40:51.0130 0x1c0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:40:51.0172 0x1c0c  Wlansvc - ok
22:40:51.0319 0x1c0c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:51.0399 0x1c0c  wlidsvc - ok
22:40:51.0421 0x1c0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:40:51.0423 0x1c0c  WmiAcpi - ok
22:40:51.0446 0x1c0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:40:51.0450 0x1c0c  wmiApSrv - ok
22:40:51.0464 0x1c0c  WMPNetworkSvc - ok
22:40:51.0491 0x1c0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:40:51.0516 0x1c0c  WPCSvc - ok
22:40:51.0543 0x1c0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:40:51.0547 0x1c0c  WPDBusEnum - ok
22:40:51.0566 0x1c0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:40:51.0567 0x1c0c  ws2ifsl - ok
22:40:51.0582 0x1c0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:40:51.0586 0x1c0c  wscsvc - ok
22:40:51.0588 0x1c0c  WSearch - ok
22:40:51.0704 0x1c0c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:40:51.0765 0x1c0c  wuauserv - ok
22:40:51.0792 0x1c0c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:40:51.0794 0x1c0c  WudfPf - ok
22:40:51.0812 0x1c0c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:51.0817 0x1c0c  WUDFRd - ok
22:40:51.0835 0x1c0c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:40:51.0838 0x1c0c  wudfsvc - ok
22:40:51.0867 0x1c0c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:40:51.0874 0x1c0c  WwanSvc - ok
22:40:51.0885 0x1c0c  ================ Scan global ===============================
22:40:51.0899 0x1c0c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:40:51.0938 0x1c0c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:40:51.0963 0x1c0c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:40:51.0986 0x1c0c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:40:52.0016 0x1c0c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:40:52.0032 0x1c0c  [ Global ] - ok
22:40:52.0032 0x1c0c  ================ Scan MBR ==================================
22:40:52.0041 0x1c0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:40:52.0282 0x1c0c  \Device\Harddisk0\DR0 - ok
22:40:52.0283 0x1c0c  ================ Scan VBR ==================================
22:40:52.0286 0x1c0c  [ 8DCEAC71D45A20D67F0004B924B1D2E8 ] \Device\Harddisk0\DR0\Partition1
22:40:52.0287 0x1c0c  \Device\Harddisk0\DR0\Partition1 - ok
22:40:52.0291 0x1c0c  [ D011855F7CD353BE315B2DADEA809323 ] \Device\Harddisk0\DR0\Partition2
22:40:52.0292 0x1c0c  \Device\Harddisk0\DR0\Partition2 - ok
22:40:52.0294 0x1c0c  [ BF8F8EB356BCF13B1B0D9241C23343BA ] \Device\Harddisk0\DR0\Partition3
22:40:52.0296 0x1c0c  \Device\Harddisk0\DR0\Partition3 - ok
22:40:52.0296 0x1c0c  ================ Scan generic autorun ======================
22:40:52.0296 0x1c0c  SysTrayApp - ok
22:40:52.0327 0x1c0c  [ BE49AF92F13030E188DBE8E2841D173A, AFC312A888F63D34E4F4E27A3FF50D5569BCAF0DD061671CC661E778FEC02EEB ] C:\Windows\system32\igfxtray.exe
22:40:52.0368 0x1c0c  IgfxTray - ok
22:40:52.0397 0x1c0c  [ 664FF61BE83FCACBF67A8D307011ADF5, B5270D13A355002336D25C092C042CA8E36795D23EB81134418BB2A8ABFBDF66 ] C:\Windows\system32\hkcmd.exe
22:40:52.0419 0x1c0c  HotKeysCmds - ok
22:40:52.0442 0x1c0c  [ 899D435E1C190C204E349CE0E483098B, FC6E84D7A382FBCBF3B2DAA4B75BD78F447359F314C1CD4424759E2EC97FD2DE ] C:\Windows\system32\igfxpers.exe
22:40:52.0458 0x1c0c  Persistence - ok
22:40:52.0570 0x1c0c  [ 371BA71B566260932DCCCF843BF6C7E7, 3F34769DD1EA9C6CBAA3DC099B2512E4D5B888A6B76A568BB79ED08452C7EA17 ] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
22:40:52.0636 0x1c0c  AVG_TRAY - ok
22:40:52.0688 0x1c0c  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:40:52.0714 0x1c0c  Adobe ARM - ok
22:40:52.0744 0x1c0c  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
22:40:52.0746 0x1c0c  Google Desktop Search - ok
22:40:52.0787 0x1c0c  [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:40:52.0790 0x1c0c  APSDaemon - ok
22:40:52.0852 0x1c0c  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
22:40:52.0856 0x1c0c  BCSSync - ok
22:40:52.0930 0x1c0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:40:52.0963 0x1c0c  Sidebar - ok
22:40:52.0985 0x1c0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:40:52.0988 0x1c0c  mctadmin - ok
22:40:53.0017 0x1c0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:40:53.0038 0x1c0c  Sidebar - ok
22:40:53.0043 0x1c0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:40:53.0045 0x1c0c  mctadmin - ok
22:40:53.0099 0x1c0c  [ 2C8F184415DDFE6A57E785245E207BD9, 8E0A32A3D670C66AF6A9A2587E162AFE0A646D6218B5B8A8067239DD7C4B2485 ] C:\Users\Owner\AppData\Local\ATT Connect\Participant\pull.exe
22:40:53.0123 0x1c0c  Push Client - ok
22:40:53.0136 0x1c0c  Obrona Block Ads - ok
22:40:53.0137 0x1c0c  Waiting for KSN requests completion. In queue: 312
22:40:54.0137 0x1c0c  Waiting for KSN requests completion. In queue: 312
22:40:55.0137 0x1c0c  Waiting for KSN requests completion. In queue: 312
22:40:56.0294 0x1c0c  AV detected via SS2: AVG Anti-Virus Free Edition 2012, C:\Program Files (x86)\AVG\AVG2012\avgwsc.exe ( 12.0.0.2222 ), 0x41000 ( enabled : updated )
22:40:56.0331 0x1c0c  Win FW state via NFP2: enabled
22:40:58.0743 0x1c0c  ============================================================
22:40:58.0743 0x1c0c  Scan finished
22:40:58.0743 0x1c0c  ============================================================
22:40:58.0750 0x29d4  Detected object count: 0
22:40:58.0750 0x29d4  Actual detected object count: 0
 

 

Will try Combofix next



#9 Satchfan


Posted 18 November 2014 - 04:50 PM

:thumbup:



#10 Macaroni


Posted 18 November 2014 - 05:32 PM

ComboFix 14-11-17.01 - Owner 18/11/2014  23:04:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2984.538 [GMT 0:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Owner\AppData\Local\Google\Desktop\Install
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\@
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\U\00000001.@
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\U\00000002.@
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\U\80000000.@
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\U\80000001.@
c:\users\Owner\AppData\Local\Google\Desktop\Install\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\2E2F~1\28F0~1\E628~1\{321b9ce6-0736-4e9b-cf39-77e1bd0827d0}\U\800000cb.@
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-18 to 2014-11-18  )))))))))))))))))))))))))))))))
.
.
2014-11-17 22:25 . 2014-11-17 22:28    --------    d-----w-    C:\FRST
2014-11-17 21:15 . 2014-11-18 22:44    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-11-17 21:15 . 2014-11-17 21:15    --------    d-----w-    c:\programdata\RogueKiller
2014-11-16 11:12 . 2014-11-16 12:29    2226    ----a-w-    c:\windows\patsearch.bin
2014-11-16 11:12 . 2014-11-18 23:01    --------    d-sh--w-    c:\program files (x86)\Odizidiablatochrit
2014-11-16 11:12 . 2014-11-16 11:19    --------    d-----w-    c:\users\Owner\AppData\Roaming\VOPackage
2014-11-16 11:12 . 2014-11-16 11:21    --------    d-----w-    c:\program files (x86)\PC Speed Up
2014-11-16 11:12 . 2014-11-02 10:35    268600    ----a-w-    c:\windows\SysWow64\lsdprn.exe
2014-11-16 11:12 . 2014-11-16 12:46    --------    d-----w-    c:\program files\shopperz
2014-11-16 08:44 . 2014-11-16 08:44    --------    d-sh--w-    c:\users\Owner\AppData\Local\EmieBrowserModeList
2014-11-13 07:40 . 2014-11-17 22:22    --------    d-----w-    c:\users\Owner\AppData\Local\Obrona Block Ads
2014-11-12 16:42 . 2014-11-12 16:42    17926832    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-12 10:03 . 2014-11-07 19:23    235192    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-10-29 20:27 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-10-29 20:27 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-10-29 20:27 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-10-29 20:27 . 2014-07-09 02:03    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-10-29 20:27 . 2014-07-09 02:03    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-10-29 20:27 . 2014-07-09 01:31    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-10-29 20:27 . 2014-07-09 01:31    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
2014-10-23 22:29 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-10-23 22:29 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-23 22:27 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-10-23 22:27 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-10-23 22:27 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-10-23 22:27 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-10-23 22:27 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-10-23 22:27 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-10-23 22:27 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-10-23 22:27 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 12:42 . 2012-12-01 17:54    333834    ----a-w-    C:\MGlogs.zip
2014-11-12 16:42 . 2012-04-19 12:37    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 16:42 . 2012-04-19 12:37    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-25 02:08 . 2014-09-30 19:51    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 19:51    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-24 20:36 . 2012-07-17 13:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 07:59    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 07:59    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-16 17:59    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 17:59    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-08-23 02:07 . 2014-08-28 21:14    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 21:14    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Push Client"="c:\users\Owner\AppData\Local\ATT Connect\Participant\pull.exe" [2011-04-27 966944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2012-04-23 30192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scratch\
Scratch.lnk - c:\data\CALLI\Scratch\Scratch.exe "c:\data\CALLI\Scratch\Scratch.image" [2009-7-2 1045504]
Uninstall Scratch.lnk - c:\data\CALLI\Scratch\uninstall.exe [2014-11-13 66163]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0bootdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 lsdprn;lsdprn;c:\windows\SysWOW64\lsdprn.exe;c:\windows\SysWOW64\lsdprn.exe [x]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe;c:\windows\SysWOW64\nalserv.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Odizidiablatochrit;Odizidiablatochrit;c:\program files (x86)\Odizidiablatochrit\Odizidiablatochrit.exe;c:\program files (x86)\Odizidiablatochrit\Odizidiablatochrit.exe [x]
S2 servervo;VO Service component;c:\users\Owner\AppData\Roaming\VOPackage\VOsrv.exe;c:\users\Owner\AppData\Roaming\VOPackage\VOsrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 20:06    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 16:42]
.
2014-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 19:42]
.
2014-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 19:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://bt.com/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuzztD0E0EyBtAtByEtDtDyD0D0D0C0D0FtN0D0Tzu0CyDyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=177226884&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:9880;https=127.0.0.1:9880
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9qvvo13y.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKCU-Run-Obrona Block Ads - c:\users\Owner\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scratch\Scratch Website.lnk - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-11-18  23:22:57 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-18 23:22
.
Pre-Run: 152,054,333,440 bytes free
Post-Run: 151,491,424,256 bytes free
.
- - End Of File - - 13B277ED22948E202BF5D26EE382D2F7
A36C5E4F47E84449FF07ED3517B43A31
 

=============================================================================================================

 

 

 

 

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Scan -- Date : 11/18/2014  23:28:52

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] VOsrv.exe -- C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 31 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] eb3b756890eb70b7b6f32b76479de702
[BSP] d696b006648b4c2707b03aaba70d3b53 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 230000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471246848 | Size: 246837 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11172014_225126.log - RKreport_SCN_11172014_212345.log - RKreport_SCN_11172014_225054.log - RKreport_SCN_11182014_225312.log




#11 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 19 November 2014 - 05:38 AM

There is quite a lot to be done here but first I’d like a different ComboFix report to see what is currently installed on your computer before we start blindly removing things.

  • push the Windows key, (between the "Ctrl" button and "Alt" Button) + "R"
  • copy/paste the following bolded text into the run box and then click OK:

C:\Qoobox\Add-Remove Programs.txt

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#12 Macaroni

Macaroni

    Authentic Member

  • Authentic Member
  • 45 posts

Posted 19 November 2014 - 04:27 PM

Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.3)
AnimatorDV Simple+
Apple Application Support
Apple Software Update
ApSIC Xbench 2.9
Asmedia ASM104x USB 3.0 Host Controller Driver
AT&T Connect Participant Application v9.0.82
Audacity 2.0.3
bProtector for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
Google Chrome
Google Desktop
Google Update Helper
IDT Audio
Intel® Management Engine Components
Intel® Processor Graphics
Java 7 Update 67
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 2.0 SP3 Runtime
Movie Maker
Mozilla Firefox 33.1.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.6.0 (x86 en-GB)
MSVCRT
MSVCRT110
Open XML SDK 2.0 for Microsoft Office
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Remote Desktop Access (VuuPC)
Scratch
SDL MultiTerm 2011 SP2 - Remove suite of products
SDL MultiTerm 2011 SP2 Convert
SDL MultiTerm 2011 SP2 Core
SDL MultiTerm 2011 SP2 Desktop
SDL MultiTerm 2011 SP2 Word Integration
SDL Passolo Essential 2011 SP6
SDL Trados 2011 SP2R - Remove suite of products
SDL Trados Compatibility module
SDL Trados Studio 2011 SP2R
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.21
Tux Paint 0.9.21c
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (32-bit)
 

 

NB: SDL might not be very familiar but is legit

 

Cheers!

D



#13 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,753 posts
  • Interests:LFC, music, more LFC, more music

Posted 19 November 2014 - 04:53 PM

You missed out following the beginning of my instructions in the TDSSK & ComboFix post where I asked you to run RogueKiller again and press the Delete key when the scan was finished. Please do that now BEFORE running the other scans.

Please post the resulting log.

===================================================

Uninstall program

Uninstall these programs:

bProtector for Windows
Java 7 Update 67

  • click Start, Control Panel, Programs and Features
  • click on bProtector for Windows and then on Uninstall. Repeat this for Java 7 Update 67, (and any other Java entry)

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Logs to include in the next post:

RogueKiller log
AdwCleaner log
JRT.txt


Thanks

Satchfan

 



#14 Macaroni

Macaroni

    Authentic Member

  • Authentic Member
  • 45 posts

Posted 19 November 2014 - 05:19 PM

OK the RogueKiller

 

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 11/19/2014  23:18:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 31 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\servervo (C:\Users\Owner\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1223099625-640677739-1220686774-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] eb3b756890eb70b7b6f32b76479de702
[BSP] d696b006648b4c2707b03aaba70d3b53 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 230000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471246848 | Size: 246837 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11172014_225126.log - RKreport_SCN_11172014_212345.log - RKreport_SCN_11172014_225054.log - RKreport_SCN_11182014_225312.log
RKreport_SCN_11182014_232852.log - RKreport_SCN_11192014_231635.log



#15 Macaroni

Macaroni

    Authentic Member

  • Authentic Member
  • 45 posts

Posted 19 November 2014 - 05:25 PM

Also see attached: it's telling me bProtector is no longer installed; however, I've left it in the list for now as it seems I could "apparently" delete it, lose all trace and yet it still be at large in my machine.

See attached snippet/jpg

 

Thanks

D

 

