TechSpot

DOS/Rovnix.gg virus removal help

Inactive-A
By McGixxer
Apr 15, 2014
  1. I really hope I followed all the instructions correctly. However, I was unable to get DDS to create a log no matter how many times I re-read how to shut everything down that should prevent it from running. So I ran a scan with ZHPDiag instead.

    This virus pops up in Microsoft Security Essentials and cannot be removed by it, even when it tells you that it can by rebooting the computer and running it in offline mode.

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.04.14.09
    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]
    4/14/2014 9:35:56 PM
    mbam-log-2014-04-14 (21-35-56).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 306785
    Time elapsed: 12 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  2. McGixxer (TS Rookie, Topic Starter)

    DDS log (attach.txt)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/8/2009 5:38:49 PM
    System Uptime: 4/14/2014 9:07:09 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 148.634 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 600 M602
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 600 M602
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1341: 3/10/2014 10:08:36 AM - Configured Microsoft Office Home and Student 2007
    RP1342: 3/10/2014 4:55:41 PM - Windows Update
    RP1343: 3/11/2014 10:43:43 AM - Configured Microsoft Office Home and Student 2007
    RP1344: 3/11/2014 4:04:06 PM - Configured Microsoft Office Home and Student 2007
    RP1345: 3/11/2014 4:22:09 PM - Configured Microsoft Office Home and Student 2007
    RP1346: 3/11/2014 5:02:14 PM - Windows Update
    RP1347: 3/13/2014 8:40:56 AM - Windows Update
    RP1348: 3/13/2014 4:51:08 PM - Windows Update
    RP1349: 3/14/2014 11:23:17 AM - Windows Update
    RP1350: 3/17/2014 8:06:59 AM - Windows Update
    RP1351: 3/17/2014 5:03:50 PM - Windows Update
    RP1352: 3/18/2014 8:10:33 AM - Windows Update
    RP1353: 3/18/2014 5:07:12 PM - Windows Update
    RP1354: 3/19/2014 2:09:10 PM - Restore Operation
    RP1355: 3/19/2014 3:34:08 PM - Windows Update
    RP1356: 3/19/2014 4:38:24 PM - Windows Update
    RP1357: 3/20/2014 4:32:50 PM - Configured Microsoft Office Home and Student 2007
    RP1358: 3/20/2014 4:47:38 PM - Windows Update
    RP1359: 3/21/2014 5:05:26 PM - Windows Update
    RP1360: 3/24/2014 5:01:33 PM - Windows Update
    RP1361: 3/25/2014 5:12:03 PM - Windows Update
    RP1362: 3/26/2014 4:49:05 PM - Windows Update
    RP1363: 3/27/2014 4:44:42 PM - Windows Update
    RP1364: 3/28/2014 4:46:30 PM - Windows Update
    RP1365: 3/31/2014 5:03:01 PM - Windows Update
    RP1366: 4/1/2014 9:16:02 AM - Configured Microsoft Office Home and Student 2007
    RP1367: 4/1/2014 5:12:02 PM - Windows Update
    RP1368: 4/2/2014 4:59:24 PM - Windows Update
    RP1369: 4/3/2014 8:37:05 AM - Windows Update
    RP1370: 4/3/2014 5:01:09 PM - Windows Update
    RP1371: 4/4/2014 2:12:01 PM - Windows Update
    RP1372: 4/8/2014 8:16:14 AM - Windows Update
    RP1373: 4/8/2014 3:26:09 PM - Configured Microsoft Office Home and Student 2007
    RP1374: 4/8/2014 3:32:46 PM - Configured Microsoft Office Home and Student 2007
    RP1375: 4/8/2014 5:01:39 PM - Windows Update
    RP1377: 4/9/2014 8:50:01 AM - Installed Rapport
    RP1378: 4/10/2014 8:20:39 AM - Windows Update
    RP1379: 4/11/2014 3:00:21 AM - Windows Update
    RP1380: 4/11/2014 8:14:30 AM - Windows Update
    RP1381: 4/11/2014 9:47:16 AM - Restore Operation
    RP1382: 4/11/2014 11:23:14 AM - Windows Update
    RP1384: 4/11/2014 3:06:25 PM - Installed Rapport
    RP1386: 4/12/2014 11:49:29 PM - Windows Update
    RP1387: 4/13/2014 12:07:46 AM - Windows Update
    RP1385: 4/13/2014 12:08:28 AM - Windows Update
    RP1388: 4/13/2014 2:05:28 AM - Removed Rapport
    RP1389: 4/13/2014 2:21:19 AM - Removed Rapport
    RP1390: 4/13/2014 2:31:18 AM - Removed Rapport
    RP1391: 4/13/2014 2:40:33 AM - Removed Rapport
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
  3. McGixxer (TS Rookie, Topic Starter)

    ~ Report of ZHPDiag v2014.4.13.25 - Nicolas Coolman (4/13/2014)
    ~ Launched by Owner (4/14/2014 10:47:00 PM)
    ~ Web site address : http://nicolascoolman.webs.com
    ~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Translated by
    ~ Version State :
    ~ White List : Activate by program
    ~ Elevation of privilege : OK
    ~ User Account Control : Deactivate by user

    ---\\ Internet browsers
    MSIE: Internet Explorer v9.0.8112.16421
    GCIE: Google Chrome v34.0.1847.116
    OBIE: Safari v5.34.57.2
    ---\\ Windows product information
    ~ Langage: Anglais
    Windows 7 Home Premium, 32-bit (Build 7600)
    Windows Server License Manager Script : OK
    ~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK
    ---\\ System protection software
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.5.0216.0
    Windows Defender W7
    ---\\ System optimization software
    ---\\ Sharing software PeerToPeer
    ---\\ Surveillance software
    Adobe Flash Player 12 ActiveX
    Adobe Reader X
    ---\\ Information on the system
    ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 2940.0 MB (74% free)
    System Restore: Activé (Enable)
    System drive C: has 149 GB (51%) free of 288 GB
    ---\\ Connection to the system mode
    ~ Computer Name: OWNER-PC
    ~ User Name: Owner
    ~ All Users Names: Owner, HomeGroupUser$, Guest, Administrator,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator
    ---\\ Environment variables
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Owner\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Owner\AppData\Roaming\
    ~ %Desktop% : C:\Users\Owner\Desktop\
    ~ %Favorites% : C:\Users\Owner\Favorites\
    ~ %LocalAppData% : C:\Users\Owner\AppData\Local\
    ~ %StartMenu% : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\
    ---\\ Enumeration of the disk units
    C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 288 Go)
    D: CD-ROM drive (Not Inserted)
    ---\\ State of the Windows Security Center
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
    ~ Security Center: 50 Legitimates Filtered in 00mn AMs
    ---\\ Search Generic System Files
    [MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 11:33:07 PM.) -- C:\Windows\Explorer.exe [2614784]
    [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/13/2009 - 7:14:45 PM.) -- C:\Windows\System32\Wininit.exe [96256]
    [MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/21/2013 - 9:38:00 PM.) -- C:\Windows\System32\wininet.dll [1129472]
    [MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Windows Logon Application.) (.10/28/2009 - 12:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
    [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Software Licensing Library.) (.7/13/2009 - 7:16:15 PM.) -- C:\Windows\System32\sppcomapi.dll [193024]
    [MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/24/2011 - 8:35:40 PM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 7:26:15 PM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 5:11:15 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
    [MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.7/13/2009 - 5:11:26 PM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
    [MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.4/26/2011 - 8:33:46 PM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
    [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/13/2009 - 5:50:56 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/13/2009 - 5:11:24 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 5:54:29 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
    [MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.5/3/2011 - 8:43:41 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
    [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.7/13/2009 - 5:12:21 PM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
    [MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 7:58:11 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/13/2009 - 5:45:35 PM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/13/2009 - 5:54:34 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 5:53:41 PM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
    [MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.7/13/2009 - 5:12:11 PM.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
    [MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.9/6/2012 - 10:48:29 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
    ~ Generic Processes: Scanned in 00mn AMs
    ---\\ Hidden files state (Hidden/Total)
    ~ Mes images (My Pictures) : 2/285
    ~ Mes musiques (My Musics) : 1/24
    ~ Mes Videos (My Videos) : 2/3
    ~ Mes Favoris (My Favorites) : 1/409
    ~ Mes Documents (My Documents) : 3/202
    ~ Mon Bureau (My Desktop) : 3/41
    ~ Menu demarrer (Programs) : 1/24
    ~ Hidden Files: Scanned in 01mn AMs
    ---\\ Process running
    [MD5.1AAD47F9113C168837E73C9E19256F28] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304] [PID.3204]
    [MD5.C08EEB50B0CA00F7D272AE94B1531F7D] - (.TOSHIBA - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472] [PID.3160]
    [MD5.64BD7D1730E938E571B4375208B7C0BD] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2840]
    [MD5.967DCD9F36AAEA34FE859C9B82E6A4B9] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248] [PID.536]
    [MD5.886C16114E2C2F8F91710B334692803C] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [304496] [PID.3716]
    [MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4344]
    [MD5.37CC821DE64DEB7513D65BCA5AE297FD] - (.TOSHIBA Corporation - TosSENotify.exe.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1021272] [PID.5056]
    [MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8212992] [PID.8044]
    ~ Processes Running: Scanned in 01mn AMs
    ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    G1 - GCS: Preference [User Data\Default] http://www.bing.com
    G0 - GCSP: Preference [User Data\Default][HomePage] http://www.msn.com
    G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    ---\\ Google Chrome Extension Folder
    ~ Google Lines Browser: 11 Legitimates Filtered in 00mn AMs
    ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
    P2 - FPN: [HKLM] [@ei.TotalRecipeSearch_14.com/Plugin] - (...) -- C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (.not file.)
    P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
    P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.1] - (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll =>.Facebook
    ~ Firefox Browser: 20 Legitimates Filtered in 00mn AMs
    ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
    R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) (No version) -- (.not file.) =>.Facebook
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) (No version) -- (.not file.) =>.Facebook
    R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
    ~ IE Browser: 15 Legitimates Filtered in 00mn AMs
    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.local
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn AMs
    ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn AMs
    ---\\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn AMs
    ~ Nombre de lignes (Lines number): 1
    ---\\ Browser Helper Objects (O2)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
    ~ BHO: 8 Legitimates Filtered in 00mn AMs
    ---\\ Internet Explorer toolbars (O3)
    O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
    O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
    ~ Toolbar: Scanned in 00mn AMs
    ---\\ Other User Links (O4)
    O4 - GS\Desktop [Public]: DYMO Label.lnk . (.DYMO Corporation - DYMO Label Software.) -- C:\Program Files\DYMO Label\Dymolbl.exe
    O4 - GS\Desktop [Public]: DYMO Stamps.lnk . (.Endicia Internet Postage - DYMO Printable Postage.) -- C:\Program Files\DYMO Stamps\DYMO Stamps.exe
    O4 - GS\Desktop [Public]: QuickBooks Pro 2012.lnk . (.Intuit Inc. - QuickBooks Application.) -- C:\Program Files\Intuit\QuickBooks 2009\QBW32Pro.exe
    O4 - GS\Desktop [Public]: QuickFile Florida.lnk . (...) -- C:\Program Files\QuickQuoteA2k2 Runtime\Office10\runaccess.exe
    O4 - GS\Desktop [Public]: Recovery Disc Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TRDC Launcher for Vista.) -- C:\Program Files\Toshiba\Toshiba Recovery Disc Creator\TRDCLcher.exe
    O4 - GS\Program [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
    O4 - GS\Program [Public]: QuickBooks Financial Center.lnk . (...) -- C:\Program Files\Intuit\QuickBooksFinancialCenter\intro.html
    O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
    O4 - GS\Program [Public]: Streamline Bridge.lnk . (...) -- C:\Program Files\Streamline Bridge\Streamline Bridge.exe
    O4 - GS\Program [Public]: Transfer Manager.NET.lnk . (.IVANS - IVANS Transfer Manager User Interface..) -- C:\IVANS\TM.NET\TransMan.exe
    O4 - GS\Program [Public]: Windows 7 Upgrade Advisor.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
    O4 - GS\QuickLaunch [Owner]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
    O4 - GS\QuickLaunch [Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    O4 - GS\QuickLaunch [Owner]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\TaskBar [Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    O4 - GS\TaskBar [Owner]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Program [Owner]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\SystemTools [Owner]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - GS\Desktop [Owner]: Auto - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Auto
    O4 - GS\Desktop [Owner]: Flood Ins sites - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Flood Ins sites
    O4 - GS\Desktop [Owner]: Homeowner Quote file - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Homeowner Quote file
    O4 - GS\Desktop [Owner]: triathlondominator - Shortcut.lnk . (...) -- C:\Users\Owner\Downloads\triathlondominator.zip
    O4 - GS\Desktop [Owner]: Windows Update.lnk . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\system32\wuapp.exe
    ~ Global Startup: 82 Legitimates Filtered in 02mn AMs
    ---\\ Auto loading programs from Registry and folders (O4)
    O4 - GS\Startup [Public]: Intuit Data Protect.lnk . (.Intuit Inc. - Intuit Data Protect.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    O4 - HKLM\..\Run: [TWebCamera] . (.TOSHIBA - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 - HKLM\..\Run: [Intuit SyncManager] . (.Intuit Inc. All rights reserved. - IntuitSyncManager.) -- C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
    ~ Application: Scanned in 00mn AMs
    ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn AMs
    ---\\ Site in Trusted Zone (O15)
    O15 - Trusted Zone: [HKCU\...\Domains\www] http.qqsolutions.com
    ~ IE Zone Confiance: Scanned in 02mn AMs
    ---\\ Lop.com/Domain Hijackers (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
    ~ Domain: Scanned in 00mn AMs
    ---\\ Extra protocols (O18)
    O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn AMs
    ---\\ AppInit_DLLs Registry value Autorun (O20)
    O20 - Winlogon Notify: !SASWinLogon . (...) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (.not file.)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
    ~ Winlogon: Scanned in 00mn AMs
    ---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
    O23 - Service: QBCFMonitorService (QBCFMonitorService) . (.Intuit - QuickBooks Company File Monitoring Service.) - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: QBIDPService (QBVSS) . (.Intuit Inc. - QBIDPService.) - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    ~ Services: 18 Legitimates Filtered in 05mn AMs
    ---\\ Windows Active Desktop & MHTML Editor (O24)
    O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\wallpaper\TOSHIBA-3.jpg
    O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\wallpaper\TOSHIBA-3.jpg
    ~ Desktop Component: 4 Legitimates Filtered in 00mn AMs
    ---\\ Task Planned Automatically (039)
    [MD5.B0EC253506BEE5CC1B004CD0E7A698E9] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [135368] =>Toolbar.Ask
    [MD5.1CA0892FF3307DB86486D8FDB1E0698B] [APT] [{CFD08AE2-57B0-43E9-AE71-5E7B12D19BB9}] (...) -- C:\QuickFL\Install.exe [135168]
    ~ Scheduled Task: 13 Legitimates Filtered in 04mn AMs
  4. McGixxer (TS Rookie, Topic Starter)

    ---\\ Software installed (O42)
    O42 - Logiciel: AL3 Download Client - (...) [HKLM] -- {D84DF348-966B-4DDD-BE3A-128BC9129505}
    O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
    O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
    O42 - Logiciel: Cycling-Secrets v1.0 - (.Catad83.) [HKLM] -- Cycling-Secrets_is1
    O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps
    O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps.exe
    O42 - Logiciel: MeadCo ScriptX (v7.1.0.60 (x86)) - (.Mead & Co Ltd..) [HKLM] -- {BC15EFA7-97B7-43A3-A293-5117EC3C1A86}
    O42 - Logiciel: Mr Smooth v1.0 - (.Swim Smooth.) [HKLM] -- Mr Smooth_is1
    O42 - Logiciel: MrSmooth - (.Swim Smooth (Swim Smooth UK).) [HKLM] -- {AF81A6CC-F27F-2E0C-8B9A-5F6DA8687E0E}
    O42 - Logiciel: Progressive Downloader Plus - (.Progressive Insurance.) [HKCU] -- cf8ca50d45e159d3
    O42 - Logiciel: QuickBooks - (.Intuit Inc..) [HKLM] -- {25E202D1-D8E7-46AF-B4B0-157D9993A93E}
    O42 - Logiciel: QuickBooks Financial Center - (.Intuit Inc..) [HKLM] -- {890EF3F8-742F-46BD-9E8E-084B3A1F4364}
    O42 - Logiciel: QuickBooks Pro 2012 - (.Intuit Inc..) [HKLM] -- {22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}
    O42 - Logiciel: QuickFile Florida - (.QuickQuote.) [HKLM] -- QuickFile Florida
    O42 - Logiciel: Shop to Win 4 - (...) [HKLM] -- Shop to Win 4 =>Adware.ShopToWin
    O42 - Logiciel: TEAM-UP Download - (.Connective Technologies, Inc..) [HKCU] -- TEAM-UP Download
    O42 - Logiciel: Total Access Memo 2003 Runtime - (...) [HKLM] -- Total Access Memo 2003 Runtime
    O42 - Logiciel: Transfer Manager.NET - (...) [HKLM] -- {287CDCFB-36A4-44A4-9B49-26A95C85B4AD}
    ~ Logic: 35 Legitimates Filtered in 01mn AMs
    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\APN]
    [HKCU\Software\Ask.com]
    [HKCU\Software\Endicia]
    [HKCU\Software\GNworks]
    [HKCU\Software\KZF6cA]
    [HKCU\Software\MeadCo]
    [HKCU\Software\QuickBooks PDF Converter 3.0]
    [HKCU\Software\QuickBooks PDF Converter]
    [HKCU\Software\QuickQuote DO NOT DELETE]
    [HKCU\Software\Wal-Mart]
    [HKLM\Software\APN]
    [HKLM\Software\AskToolbar]
    [HKLM\Software\Cyclist]
    [HKLM\Software\Endicia]
    [HKLM\Software\IVANS]
    [HKLM\Software\KZF6cA]
    [HKLM\Software\MeadCo]
    [HKLM\Software\QuickQuote]
    [HKLM\Software\Symbience]
    [HKLM\Software\TotalRecipeSearch_14EI]
    ~ Key Software: 381 Legitimates Filtered in 01mn AMs
    ---\\ Contents of the Common Files folders (O43)
    O43 - CFD: 10/22/2012 - 3:54:46 PM - [3.489] ----D C:\Program Files\Ask.com
    O43 - CFD: 3/4/2011 - 4:42:08 PM - [7.027] ----D C:\Program Files\Cycling Secrets
    O43 - CFD: 2/25/2014 - 5:31:24 PM - [15.299] ----D C:\Program Files\DYMO Label
    O43 - CFD: 4/26/2012 - 4:03:04 PM - [9.240] ----D C:\Program Files\DYMO Stamps
    O43 - CFD: 3/28/2013 - 4:43:26 PM - [0.285] ----D C:\Program Files\MeadCo ScriptX
    O43 - CFD: 4/15/2011 - 3:03:16 PM - [163.417] ----D C:\Program Files\Midland LifeSolutions
    O43 - CFD: 1/17/2012 - 4:38:22 PM - [44.415] ----D C:\Program Files\Mr Smooth
    O43 - CFD: 1/17/2012 - 4:38:54 PM - [28.933] ----D C:\Program Files\MrSmooth
    O43 - CFD: 11/8/2009 - 6:02:25 PM - [34.633] ----D C:\Program Files\QuickQuote
    O43 - CFD: 11/8/2009 - 6:02:27 PM - [18.856] ----D C:\Program Files\QuickQuoteA2k2 Runtime
    O43 - CFD: 10/22/2012 - 3:54:36 PM - [0.100] ----D C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner
    O43 - CFD: 5/11/2011 - 9:15:11 AM - [0.615] ----D C:\Program Files\Symbience
    O43 - CFD: 3/28/2013 - 4:43:27 PM - [6.820] ----D C:\Program Files\Common Files\MeadCo ScriptX
    O43 - CFD: 12/20/2011 - 4:55:58 PM - [0] ----D C:\ProgramData\Bomgar-SCC-4EF10069
    O43 - CFD: 11/8/2009 - 6:04:09 PM - [0.255] ----D C:\ProgramData\Partner
    O43 - CFD: 2/7/2013 - 9:46:36 AM - [0.034] ----D C:\ProgramData\ProgressiveInsurance
    O43 - CFD: 10/19/2012 - 11:50:29 AM - [0] ----D C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo
    O43 - CFD: 3/16/2010 - 11:14:23 AM - [0.015] ----D C:\Users\Owner\AppData\Roaming\DYMO Stamps
    O43 - CFD: 12/19/2011 - 11:28:56 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Idelni
    O43 - CFD: 1/17/2012 - 4:41:11 PM - [0.000] ----D C:\Users\Owner\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
    O43 - CFD: 10/18/2012 - 2:44:09 PM - [0] ----D C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner
    O43 - CFD: 6/22/2012 - 8:32:44 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Tutysy
    O43 - CFD: 1/6/2014 - 4:32:51 PM - [0.222] ----D C:\Users\Owner\AppData\Local\GNworks
    O43 - CFD: 3/20/2014 - 1:02:45 PM - [0] ----D C:\Users\Owner\AppData\Local\IAC
    O43 - CFD: 3/4/2011 - 4:42:05 PM - [5.369] ----D C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar
    O43 - CFD: 2/7/2013 - 9:45:38 AM - [0.000] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Progressive Insurance
    O43 - CFD: 11/24/2009 - 1:18:23 PM - [0.002] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TEAM-UP Download
    ~ 1181 Dossier CLSID vide (CLSID Empty Folder)
    ~ Program Folder: 1475 Legitimates Filtered in 50mn AMs
    ---\\ Last modified or created files under Windows and System32 (O44)
    O44 - LFC:[MD5.316DF50A505C84138DA4551BB65BA937] - 4/11/2014 - 10:22:45 AM ---A- . (...) -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [129296]
    O44 - LFC:[MD5.8EC7C02DF8508F9336F9837E33681440] - 4/14/2014 - 4:48:31 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.dll [17408]
    O44 - LFC:[MD5.F9B8748B14F1FDCFEC0E78254ED849D7] - 4/14/2014 - 8:08:12 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408]
    O44 - LFC:[MD5.697681D23913D175B4DA2849C4F97DE0] - 4/14/2014 - 9:47:19 PM ---A- . (...) -- C:\Windows\win.ini [275]
    ~ Files: 19 Legitimates Filtered in 02mn AMs
    ---\\ Operations and functions at Windows Explorer startup (O46)
    O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    ~ ShellExecuteHooks: Scanned in 00mn AMs
    ---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
    O53 - SMSR:HKLM\...\startupreg\GNworks Update [Key] . (...) -- :\Users\Owner\AppData\Local\GNworks\ep0lvraa.dll (.not file.)
    O53 - SMSR:HKLM\...\startupreg\QUICKDOWNLOAD [Key] . (.QuickQuote - QuickDownload for QuickFile.) -- C:\QuickFL\QuickDownload\QuickDownload.exe
    ~ SMSR Keys: 15 Legitimates Filtered in 00mn AMs
    ---\\ Microsoft Windows Policies System (MWPS) (O55)
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
    O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
    ~ MWPS: 18 Legitimates Filtered in 00mn AMs
    ---\\ System Drivers List (SDL) (O58)
    O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/13/2009 - 7:20:28 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
    O58 - SDL:[MD5.40725D93E5B7806F824715C3211CEDB1] - 7/3/2009 - 11:45:03 AM RSHA- . (...) -- C:\Windows\System32\Drivers\fbd.sys [13]
    O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/13/2009 - 4:54:14 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
    O58 - SDL:[MD5.CB5D13966F74D7F000724A907F614193] - 5/17/2011 - 3:44:44 PM ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [35776]
    O58 - SDL:[MD5.35045BC673E74FE0E8AA89BC16D50FBB] - 12/17/2008 - 8:48:36 PM ---A- . (.01 Communique Laboratory Inc. - RDesktop video mirror driver.) -- C:\Windows\System32\Drivers\rdsdrvdm.sys [27648]
    O58 - SDL:[MD5.0D60B8C10A2C5E8DD620B3FDEB1CDA64] - 4/23/2007 - 11:50:50 AM ---A- . (.Windows (R) Codename Longhorn DDK provider - Realtek Utility I/O Driver.) -- C:\Windows\System32\Drivers\RtlProt.sys [25896]
    O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/13/2009 - 7:19:04 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
    O58 - SDL:[MD5.483EBB6E4E5883180F3555BD70F9CFA2] - 7/3/2009 - 11:44:37 AM RSHA- . (...) -- C:\Windows\System32\Drivers\taishop.sys [4]
    O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 12/13/2012 - 1:50:38 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
    O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 3:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
    O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 3:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
    O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 3:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
    O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
    O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
    O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 3:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
    O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 3:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
    O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 3:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
    O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 3:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
    O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 3:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
    O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 3:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
    O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 3:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
    O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 3:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
    O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 3:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
    O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 3:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
    ~ Drivers: 18 Legitimates Filtered in 04mn AMs
    ---\\ List all tools cleaner (LATC) (O63)
    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn AMs
    ---\\ File Associations Shell Spawning (O67)
    O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
    ---\\ Start Menu Internet (SMI) (O68)
    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
    ~ Keys: Scanned in 00mn AMs
    ---\\ Search Browser Infection (SBI) (O69)
    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
    O69 - SBI: SearchScopes [HKCU] {2EF7CAFC-C3FD-4487-882E-879E5DE88ED1} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
    O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
    O69 - SBI: SearchScopes [HKCU] {75C98131-54C0-4002-B3A9-391BC15BA6E3} - (Google) - http://www.google.com
    O69 - SBI: SearchScopes [HKCU] {AD161361-68EB-41ED-8FC6-02F123AB7811} - (Bing) - http://www.bing.com
    O69 - SBI: SearchScopes [HKCU] {EE82F532-66A2-4785-A208-6C8060CD3F56} - (Yahoo! Search) - http://search.yahoo.com
    O69 - SBI: SearchScopes [HKUS\.DEFAULT] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
    O69 - SBI: SearchScopes [HKUS\S-1-5-18] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
    ~ Keys: Scanned in 00mn AMs
    ---\\ Search Particular Root Folder (SPRF) (O84)
    [MD5.59CA06DE9201457DBA4401016440A88B] [SPRF][8/18/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
    [MD5.EDE73F719C7DB22B8EB1E535963C6134] [SPRF][9/18/2013] (...) -- C:\Users\Owner\AppData\Roaming\wklnhst.dat [4424]
    ~ Files: 4 Legitimates Filtered in 00mn AMs
    ---\\ Firewall Active Exception List (FirewallRules) (O87)
    O87 - FAEL: "UDP Query User{AC99B712-7A19-4F3B-B35A-4E776F83CA76}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
    O87 - FAEL: "TCP Query User{5DDE23C5-21A1-40D7-A200-F719DE233DF0}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
    O87 - FAEL: "UDP Query User{5A14633B-6825-4487-B1B7-A519B94A466B}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
    O87 - FAEL: "TCP Query User{4AD48A11-6358-4361-95EB-CBB39C9FAB15}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
    O87 - FAEL: "{5BD8D2DA-FF44-496B-AB8D-D22002810D1F}" |In - None - P17 - TRUE | .(...) -- D:\setup\hpznui01.exe (.not file.)
    O87 - FAEL: "{0535378D-A0FA-4F09-86B1-0FE1CC9E51BA}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
    O87 - FAEL: "{F41BA4B3-8952-4CEA-B33B-7D5441726757}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
    O87 - FAEL: "{0C0920E4-DE45-47D7-BD44-D0964944AF46}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{64AEA52C-817A-4006-B592-4371566D83DD}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{F2A66A9B-E2B9-462F-BA78-E5916A2FBAB0}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{36A7B2D9-8963-4740-97FF-A91DE2D730EC}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{71B4641F-DB20-4FE9-8D10-1C5F57814726}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{1439BC5B-48DE-493C-9E6B-0F225540F66D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{0E7D93F9-993C-4D2A-864E-E7420F9FB744}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
    O87 - FAEL: "{6259A0DE-CC78-4FCB-8CA3-C1A3E9776F41}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
    ~ Firewall: 240 Legitimates Filtered in 01mn AMs
    ---\\ Product Upgrade Codes (PUC) (O90)
    O90 - PUC: "07A917B4A41Fc5f4095B43B6427BFF1F" . (.Windows 7 Upgrade Advisor.) -- C:\Windows\Installer\{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}\WuaIcon
    O90 - PUC: "15CEC5CCF6CBA6841BAABE8254159ABE" . (.Bing Bar.) -- C:\Windows\Installer\{CC5CEC51-BC6F-486A-B1AA-EB284551A9EB}\icon_installer_ico =>Toolbar.Bing
    O90 - PUC: "7AFE51CB7B793A342A391571CEC3A168" . (.MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\{BC15EFA7-97B7-43A3-A293-5117EC3C1A86}\scriptx.ico
    O90 - PUC: "8F3FE098F247DB64E9E880B4A3F13446" . (.QuickBooks Financial Center.) -- C:\Windows\Installer\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}\ARPPRODUCTICON.exe
    O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_4fd8.ico =>Toolbar.Ask
    ~ Update Products: 186 Legitimates Filtered in 00mn AMs
    ---\\ Windows Installer Scan (WIS) (O93) (NTFS)
    [MD5.0698B8D780313EC9D0193A830EFEFA45] [WIS][9/23/2010] (.Midland National - Blank Project Template.) -- C:\Windows\Installer\16e169d.msi [413696]
    [MD5.4F27D023E0866265CC6F94D5AC1CC915] [WIS][1/17/2012] (.Swim Smooth (Swim Smooth UK) - MrSmooth.) -- C:\Windows\Installer\19ad4ec.msi [20992]
    [MD5.CDA6735D856716E986CC696C529500A3] [WIS][8/11/2009] (.Xobni, Inc. - Xobni Core DLL Installer.) -- C:\Windows\Installer\1b78765.msi [110080]
    [MD5.86AB4434F55A5CF91518A6A409686C5C] [WIS][1/17/2013] (.Mead & Co Ltd. - MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\1c7220d.msi [3289088]
    [MD5.0952E366FA5A3F55C764671E26751C1B] [WIS][6/28/2013] (.FINIS Inc. - Streamline Bridge.) -- C:\Windows\Installer\1ea99b.msi [30208]
    [MD5.A37F36438EEB1CB7C1B99F1D33A5F6A5] [WIS][8/21/2013] (.Trusteer - Rapport.) -- C:\Windows\Installer\22c4d.msi [27512832]
    [MD5.EA0A7CBE9AC324AB6C3AE3A534A87F1F] [WIS][5/3/2009] (.Corel Corporation - Blank Project Template.) -- C:\Windows\Installer\3468c.msi [7713792]
    [MD5.31CD01FA948F6FBE9037F795E0636D34] [WIS][5/3/2009] (.Intuit Inc. - QuickBooks Financial Center.) -- C:\Windows\Installer\39549.msi [1591808]
    [MD5.C53594D201D7D297B404E2DEB2C461BA] [WIS][6/16/2009] (.Realtek - Blank Project Template.) -- C:\Windows\Installer\3afe2.msi [5738496]
    [MD5.25C4A5F7A8708BAD15A64E5B8DF333CD] [WIS][8/13/2012] (.Ask.com - Blank Project Template.) -- C:\Windows\Installer\dc1fb9.msi [3809280]
    [MD5.5084B956DCCD3E1E0289B6809D79EC64] [WIS][9/10/2009] (.MPM - MPM.) -- C:\Windows\Installer\e35644.msi [144384]
    [MD5.559583F3F0F090A5A192DE092222E7C4] [WIS][3/14/2012] (.Intuit Inc. - QuickBooks.) -- C:\Windows\Installer\e4372a.msi [49439284]
    ~ WIS: 194 Legitimates Filtered in 25mn AMs
    ---\\ Search Tracing Registry Key (O100)
    HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASAPI32 =>PUP.Dealio
    HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASMANCS =>PUP.Dealio
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASAPI32 =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASMANCS =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASAPI32 =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASMANCS =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
    HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
    HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
    ~ BTK: 367 Legitimates Filtered in 00mn AMs
    ---\\ Search CLSID Registry Key (O101)
    [HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
    [HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine
    [HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
    [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
    [HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
    ~ BCK: 7524 Legitimates Filtered in 12mn AMs
    ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
    SS - | Demand 4/11/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    SS - | Demand 2/15/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
    SS - | Demand 4/16/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    SS - | Auto 2/4/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 2/4/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
    SS - | Demand 10/23/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    SS - | Demand 11/14/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    SS - | Demand 10/19/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
    SS - | Demand 3/14/2012 61440 | (QBFCService) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    SS - | Demand 7/13/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
    SS - | Disabled 8/11/2009 39424 | (XobniService) . (.Xobni Corporation.) - C:\Program Files\Xobni\XobniService.exe
    SR - | Auto 3/18/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    SR - | Auto 12/18/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    SR - | Auto 3/27/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    SR - | Auto 9/7/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    SR - | Auto 8/30/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
    SR - | Auto 4/16/2009 20544 | (camsvc) . (.TOSHIBA.) - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    SR - | Auto 8/10/2009 185712 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    SR - | Auto 3/10/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    SR - | Demand 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
    SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
    SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
    SR - | Auto 10/19/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    SR - | Auto 3/11/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
    SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
    SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
    SR - | Auto 6/5/2012 45056 | (QBCFMonitorService) . (.Intuit.) - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    SR - | Auto 3/14/2012 1248256 | (QBVSS) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    SR - | Auto 1/5/2014 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe
    SR - | Auto 2/19/2009 57344 | (RSELSVC) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
    SR - | Auto 2/14/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
    SR - | Auto 4/1/2009 62776 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
    SR - | Auto 7/28/2009 128344 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
    SR - | Auto 4/14/2009 176128 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
    SR - | Demand 8/3/2009 111960 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    SR - | Auto 4/9/2009 656752 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    SR - | Auto 7/13/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
    ~ Services: Scanned in 13mn AMs
    ---\\ Scan Additionnel (O88)
    Database Version : 13044 - (4/13/2014)
    Clés trouvées (Keys found) : 51
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 9
    Fichiers trouvés (Files found) : 6
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.Ask^
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop to Win 4] =>Adware.ShopToWin^
    [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
    [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
    [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
    [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
    [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
    [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
    [HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
    [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
    [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
    [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
    [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
    [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
    [HKCU\Software\APN] =>Toolbar.Ask
    [HKLM\Software\APN] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] =>Toolbar.Ask
    [HKCU\Software\Ask.com] =>Toolbar.AskBar
    [HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
    [HKLM\Software\AskToolbar] =>Toolbar.AskTBar
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
    [HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
    [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
    [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Ask^
    [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
    C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner^
    C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo^
    C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner^
    C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar^
    C:\Program Files\Ask.com =>Toolbar.AskBar
    C:\ProgramData\Partner =>Spyware.Partner
    C:\Users\Owner\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
    C:\Users\Owner\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
    C:\Users\Owner\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
    C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
    [HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
    [HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine^
    [HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
    [HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
    [HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
    ~ Additionnel Scan: 479529 Items scanned in 34mn AMs
    ---\\ Summary of the detections found on your workstation
    http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    http://nicolascoolman.webs.com/apps/blog/show/32151568-adware-shoptowin =>Adware.ShopToWin
    http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
    http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
    http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
    http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
    http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
    http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
    http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
    http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
    ~ MSI: 10 link(s) detected in 00mn AMs
    ~ 2666 Legitimates filtered by white list
    End of the scan (697 lines in 49mn AMs)(0)
  5. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. McGixxer

    McGixxer TS Rookie Topic Starter

    I hope that's everything, because I sure don't want to waste time or make things harder for anyone kind enough to help complete strangers with a problem. But if I have done something wrong, please let me know and I will try my hardest to get it correct. I'm at my wits' end with this virus; I've been trying to remove it for 3 days with no luck.
  7. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    We posted at the same time.
  8. McGixxer

    McGixxer TS Rookie Topic Starter

    TDSS Log Part 1
    23:25:31.0123 0x0e34 TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10
    23:25:31.0887 0x0e34 ============================================================
    23:25:31.0887 0x0e34 Current date / time: 2014/04/14 23:25:31.0887
    23:25:31.0887 0x0e34 SystemInfo:
    23:25:31.0887 0x0e34
    23:25:31.0887 0x0e34 OS Version: 6.1.7600 ServicePack: 0.0
    23:25:31.0887 0x0e34 Product type: Workstation
    23:25:31.0887 0x0e34 ComputerName: OWNER-PC
    23:25:31.0887 0x0e34 UserName: Owner
    23:25:31.0887 0x0e34 Windows directory: C:\Windows
    23:25:31.0887 0x0e34 System windows directory: C:\Windows
    23:25:31.0887 0x0e34 Processor architecture: Intel x86
    23:25:31.0887 0x0e34 Number of processors: 2
    23:25:31.0887 0x0e34 Page size: 0x1000
    23:25:31.0887 0x0e34 Boot type: Normal boot
    23:25:31.0887 0x0e34 ============================================================
    23:25:31.0903 0x0e34 BG loaded
    23:25:32.0121 0x0e34 System UUID: {77C2BDAB-12BF-08F4-08A4-CA075466D6F2}
    23:25:33.0759 0x0e34 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:25:33.0822 0x0e34 ============================================================
    23:25:33.0822 0x0e34 \Device\Harddisk0\DR0:
    23:25:33.0869 0x0e34 MBR partitions:
    23:25:33.0869 0x0e34 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F93800
    23:25:33.0869 0x0e34 ============================================================
    23:25:33.0915 0x0e34 C: <-> \Device\Harddisk0\DR0\Partition1
    23:25:33.0915 0x0e34 ============================================================
    23:25:33.0915 0x0e34 Initialize success
    23:25:33.0915 0x0e34 ============================================================
    23:26:22.0485 0x0f14 ============================================================
    23:26:22.0485 0x0f14 Scan started
    23:26:22.0485 0x0f14 Mode: Manual;
    23:26:22.0485 0x0f14 ============================================================
    23:26:22.0485 0x0f14 KSN ping started
    23:26:24.0966 0x0f14 KSN ping finished: true
    23:26:32.0127 0x0f14 ================ Scan system memory ========================
    23:26:32.0127 0x0f14 Scan was interrupted by user!
    23:26:32.0486 0x0f14 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
    23:26:32.0486 0x0f14 Win FW state via NFP2: enabled
    23:26:35.0107 0x0f14 ============================================================
    23:26:35.0107 0x0f14 Scan finished
    23:26:35.0107 0x0f14 ============================================================
    23:26:35.0107 0x0c20 Detected object count: 0
    23:26:35.0107 0x0c20 Actual detected object count: 0
    23:26:44.0373 0x060c ============================================================
    23:26:44.0373 0x060c Scan started
    23:26:44.0373 0x060c Mode: Manual;
    23:26:44.0373 0x060c ============================================================
    23:26:44.0373 0x060c KSN ping started
    23:26:46.0947 0x060c KSN ping finished: true
    23:26:48.0039 0x060c ================ Scan system memory ========================
    23:26:48.0039 0x060c System memory - ok
    23:26:48.0039 0x060c ================ Scan services =============================
    23:26:48.0476 0x060c [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    23:26:48.0476 0x060c 1394ohci - ok
    23:26:49.0194 0x060c [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    23:26:49.0194 0x060c ACDaemon - ok
    23:26:49.0272 0x060c [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    23:26:49.0287 0x060c ACPI - ok
    23:26:49.0381 0x060c [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    23:26:49.0396 0x060c AcpiPmi - ok
    23:26:50.0114 0x060c [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    23:26:50.0114 0x060c AdobeARMservice - ok
    23:26:50.0551 0x060c [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:26:50.0551 0x060c AdobeFlashPlayerUpdateSvc - ok
    23:26:50.0644 0x060c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    23:26:50.0676 0x060c adp94xx - ok
    23:26:50.0754 0x060c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    23:26:50.0754 0x060c adpahci - ok
    23:26:50.0800 0x060c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    23:26:50.0816 0x060c adpu320 - ok
    23:26:50.0894 0x060c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    23:26:50.0910 0x060c AeLookupSvc - ok
    23:26:51.0081 0x060c [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD C:\Windows\system32\drivers\afd.sys
    23:26:51.0081 0x060c AFD - ok
    23:26:51.0222 0x060c [ 6416F9B6B220F0A890525C38235AFAD7, C2A643E1BA75CD00C1C7F62475A7122AA95530A835AE62CF0FD9EADFA07B7EBD ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
    23:26:51.0222 0x060c AgereModemAudio - ok
    23:26:51.0284 0x060c [ 07758C2196A62F207F77556311E7459A, E63C4BE29CA03907FC8E23D65D1D6CF517D22AA7F5C341E42777101AF1CAB2D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
    23:26:51.0315 0x060c AgereSoftModem - ok
    23:26:51.0705 0x060c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    23:26:51.0705 0x060c agp440 - ok
    23:26:52.0126 0x060c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    23:26:52.0142 0x060c aic78xx - ok
    23:26:52.0329 0x060c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
    23:26:52.0345 0x060c ALG - ok
    23:26:52.0454 0x060c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    23:26:52.0470 0x060c aliide - ok
    23:26:52.0610 0x060c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
    23:26:52.0610 0x060c amdagp - ok
    23:26:52.0657 0x060c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    23:26:52.0657 0x060c amdide - ok
    23:26:52.0766 0x060c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    23:26:52.0766 0x060c AmdK8 - ok
    23:26:52.0813 0x060c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    23:26:52.0813 0x060c AmdPPM - ok
    23:26:53.0078 0x060c [ 19CE906B4CDC11FC4FEF5745F33A63B6, 27BF91DB1FDC81CFCF0E0DCFD3C4AD51FCFB778D36F1E83105C2AFCF6851A4DF ] amdsata C:\Windows\system32\drivers\amdsata.sys
    23:26:53.0078 0x060c amdsata - ok
    23:26:53.0265 0x060c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    23:26:53.0265 0x060c amdsbs - ok
    23:26:53.0296 0x060c [ 869E67D66BE326A5A9159FBA8746FA70, 8F493A340F19FB39B5BD24EF8603812BECE7770544AB91817FF67236448569CB ] amdxata C:\Windows\system32\drivers\amdxata.sys
    23:26:53.0296 0x060c amdxata - ok
    23:26:53.0328 0x060c [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID C:\Windows\system32\drivers\appid.sys
    23:26:53.0328 0x060c AppID - ok
    23:26:53.0421 0x060c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
    23:26:53.0421 0x060c AppIDSvc - ok
    23:26:53.0437 0x060c [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo C:\Windows\System32\appinfo.dll
    23:26:53.0437 0x060c Appinfo - ok
    23:26:53.0608 0x060c [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:26:53.0608 0x060c Apple Mobile Device - ok
    23:26:53.0874 0x060c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
    23:26:53.0874 0x060c arc - ok
    23:26:53.0952 0x060c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    23:26:53.0952 0x060c arcsas - ok
    23:26:54.0435 0x060c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    23:26:54.0529 0x060c aspnet_state - ok
    23:26:54.0560 0x060c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    23:26:54.0560 0x060c AsyncMac - ok
    23:26:54.0638 0x060c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    23:26:54.0638 0x060c atapi - ok
    23:26:54.0763 0x060c [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    23:26:54.0778 0x060c AudioEndpointBuilder - ok
    23:26:54.0825 0x060c [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv C:\Windows\System32\Audiosrv.dll
    23:26:54.0841 0x060c Audiosrv - ok
    23:26:54.0903 0x060c [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV C:\Windows\System32\AxInstSV.dll
    23:26:54.0919 0x060c AxInstSV - ok
    23:26:54.0997 0x060c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
    23:26:55.0028 0x060c b06bdrv - ok
    23:26:55.0153 0x060c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
    23:26:55.0168 0x060c b57nd60x - ok
    23:26:55.0418 0x060c [ 66E66FD5A83C8BBFB791D14246D84015, D1814B71DE284C9806962341888FE0641B2740190AF63FA05FF0EC594F105916 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    23:26:55.0418 0x060c BBSvc - ok
    23:26:55.0527 0x060c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
    23:26:55.0527 0x060c BDESVC - ok
    23:26:55.0652 0x060c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
    23:26:55.0652 0x060c Beep - ok
    23:26:55.0730 0x060c [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE C:\Windows\System32\bfe.dll
    23:26:55.0746 0x060c BFE - ok
    23:26:55.0839 0x060c [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS C:\Windows\system32\qmgr.dll
    23:26:55.0902 0x060c BITS - ok
    23:26:55.0933 0x060c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    23:26:55.0933 0x060c blbdrive - ok
    23:26:56.0073 0x060c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:26:56.0089 0x060c Bonjour Service - ok
    23:26:56.0151 0x060c [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    23:26:56.0151 0x060c bowser - ok
    23:26:56.0214 0x060c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    23:26:56.0214 0x060c BrFiltLo - ok
    23:26:56.0229 0x060c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    23:26:56.0229 0x060c BrFiltUp - ok
    23:26:56.0323 0x060c [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser C:\Windows\System32\browser.dll
    23:26:56.0323 0x060c Browser - ok
    23:26:56.0370 0x060c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    23:26:56.0385 0x060c Brserid - ok
    23:26:56.0463 0x060c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    23:26:56.0463 0x060c BrSerWdm - ok
    23:26:56.0588 0x060c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    23:26:56.0588 0x060c BrUsbMdm - ok
    23:26:56.0604 0x060c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    23:26:56.0604 0x060c BrUsbSer - ok
    23:26:56.0635 0x060c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    23:26:56.0635 0x060c BTHMODEM - ok
    23:26:56.0682 0x060c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
    23:26:56.0697 0x060c bthserv - ok
    23:26:56.0947 0x060c [ F1140ED3A1E1D6824A63F27AFD9EEF32, AF40AA352857A4161B500C404B88DEBD41E0A06640393B57CD5FD14E325BBE97 ] camsvc C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
    23:26:56.0947 0x060c camsvc - ok
    23:26:57.0150 0x060c catchme - ok
    23:26:57.0228 0x060c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    23:26:57.0228 0x060c cdfs - ok
    23:26:57.0306 0x060c [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    23:26:57.0306 0x060c cdrom - ok
    23:26:57.0399 0x060c [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc C:\Windows\System32\certprop.dll
    23:26:57.0399 0x060c CertPropSvc - ok
    23:26:57.0540 0x060c [ 1F8A319D29394F9CE1B7AE020DF2EBBF, 624D2A19751D50566C4D3292CA627ADE78C2BE5807B37A0C370EF7FE4FE62048 ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    23:26:57.0555 0x060c cfWiMAXService - ok
    23:26:57.0618 0x060c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    23:26:57.0618 0x060c circlass - ok
    23:26:57.0711 0x060c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
    23:26:57.0711 0x060c CLFS - ok
    23:26:57.0898 0x060c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:26:57.0914 0x060c clr_optimization_v2.0.50727_32 - ok
    23:26:58.0086 0x060c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:26:58.0273 0x060c clr_optimization_v4.0.30319_32 - ok
    23:26:58.0304 0x060c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    23:26:58.0304 0x060c CmBatt - ok
    23:26:58.0382 0x060c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    23:26:58.0382 0x060c cmdide - ok
    23:26:58.0491 0x060c [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG C:\Windows\system32\Drivers\cng.sys
    23:26:58.0522 0x060c CNG - ok
    23:26:58.0585 0x060c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    23:26:58.0585 0x060c Compbatt - ok
    23:26:58.0647 0x060c [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    23:26:58.0647 0x060c CompositeBus - ok
    23:26:58.0694 0x060c COMSysApp - ok
    23:26:58.0756 0x060c [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    23:26:58.0756 0x060c ConfigFree Service - ok
    23:26:58.0850 0x060c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    23:26:58.0850 0x060c crcdisk - ok
    23:26:58.0928 0x060c [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:26:58.0928 0x060c CryptSvc - ok
    23:26:59.0006 0x060c [ 33E7AB50F87F97ABD9057205E27CB182, CD5139E2ED2652E5EE5E31F43B0EE06971A4490943238C0BA1BA36C02963C245 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    23:26:59.0022 0x060c dc3d - ok
    23:26:59.0084 0x060c [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:26:59.0100 0x060c DcomLaunch - ok
    23:26:59.0146 0x060c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
    23:26:59.0162 0x060c defragsvc - ok
    23:26:59.0240 0x060c [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:26:59.0256 0x060c DfsC - ok
    23:26:59.0396 0x060c [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp C:\Windows\system32\dhcpcore.dll
    23:26:59.0396 0x060c Dhcp - ok
    23:26:59.0458 0x060c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
    23:26:59.0458 0x060c discache - ok
    23:26:59.0521 0x060c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
    23:26:59.0521 0x060c Disk - ok
    23:26:59.0568 0x060c [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:26:59.0583 0x060c Dnscache - ok
    23:26:59.0677 0x060c [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc C:\Windows\System32\dot3svc.dll
    23:26:59.0677 0x060c dot3svc - ok
    23:26:59.0786 0x060c [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    23:26:59.0786 0x060c Dot4 - ok
    23:26:59.0817 0x060c [ C25FEA07A8E7767E8B89AB96A3B96519, 29850207B9FC908AC976C1E0899222538733A0D1C5F9F5EAB2E798A053201431 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    23:26:59.0817 0x060c Dot4Print - ok
    23:26:59.0895 0x060c [ 9F7DE667C505CE6500BECDD8E11644D7, AA9C589980684429DBAF882AB9A197A6894F23B0CB629C7AF3E27B34B61CB6C1 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
    23:26:59.0911 0x060c Dot4Scan - ok
    23:26:59.0942 0x060c [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    23:26:59.0942 0x060c dot4usb - ok
    23:27:00.0067 0x060c [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS C:\Windows\system32\dps.dll
    23:27:00.0067 0x060c DPS - ok
    23:27:00.0176 0x060c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:27:00.0176 0x060c drmkaud - ok
    23:27:00.0270 0x060c [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:27:00.0285 0x060c DXGKrnl - ok
    23:27:00.0379 0x060c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
    23:27:00.0379 0x060c EapHost - ok
    23:27:00.0597 0x060c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    23:27:00.0769 0x060c ebdrv - ok
    23:27:00.0831 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS C:\Windows\System32\lsass.exe
    23:27:00.0847 0x060c EFS - ok
    23:27:01.0018 0x060c [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:27:01.0112 0x060c ehRecvr - ok
    23:27:01.0174 0x060c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
    23:27:01.0174 0x060c ehSched - ok
    23:27:01.0268 0x060c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    23:27:01.0299 0x060c elxstor - ok
    23:27:01.0346 0x060c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    23:27:01.0346 0x060c ErrDev - ok
    23:27:01.0455 0x060c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
    23:27:01.0471 0x060c EventSystem - ok
    23:27:01.0502 0x060c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
    23:27:01.0502 0x060c exfat - ok
    23:27:01.0611 0x060c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:27:01.0611 0x060c fastfat - ok
    23:27:01.0705 0x060c [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax C:\Windows\system32\fxssvc.exe
    23:27:01.0720 0x060c Fax - ok
    23:27:01.0767 0x060c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    23:27:01.0767 0x060c fdc - ok
    23:27:01.0892 0x060c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
    23:27:01.0892 0x060c fdPHost - ok
    23:27:01.0954 0x060c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
    23:27:01.0954 0x060c FDResPub - ok
    23:27:02.0001 0x060c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    23:27:02.0017 0x060c FileInfo - ok
    23:27:02.0032 0x060c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    23:27:02.0032 0x060c Filetrace - ok
    23:27:02.0079 0x060c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    23:27:02.0079 0x060c flpydisk - ok
    23:27:02.0126 0x060c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    23:27:02.0126 0x060c FltMgr - ok
    23:27:02.0204 0x060c [ 7FE4995528A7529A761875151EE3D512, 63F062A8E6AA9AEF39A46E94ADD548C72B4E21C1090DE9CBDCFB3F4489637BAF ] FontCache C:\Windows\system32\FntCache.dll
    23:27:02.0251 0x060c FontCache - ok
    23:27:02.0360 0x060c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    23:27:02.0485 0x060c FontCache3.0.0.0 - ok
    23:27:02.0485 0x060c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    23:27:02.0485 0x060c FsDepends - ok
    23:27:02.0656 0x060c [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    23:27:02.0688 0x060c fssfltr - ok
    23:27:02.0922 0x060c [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    23:27:03.0078 0x060c fsssvc - ok
    23:27:03.0109 0x060c [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    23:27:03.0109 0x060c Fs_Rec - ok
    23:27:03.0187 0x060c [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    23:27:03.0202 0x060c fvevol - ok
    23:27:03.0280 0x060c [ CBC22823628544735625B280665E434E, 6B5A3FE469CACE241F3332E6E6B3D0ACB3C2EB3DF0297C744F5A155992F0B411 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
    23:27:03.0280 0x060c FwLnk - ok
    23:27:03.0374 0x060c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    23:27:03.0390 0x060c gagp30kx - ok
    23:27:03.0546 0x060c [ 67CF4C2E7477B9A01DF07E38AF293414, 97DE62637E66D8FA5DDE5247270030C362326D073824A3D1CF6056B5CB5C72CB ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    23:27:03.0624 0x060c GameConsoleService - ok
    23:27:03.0702 0x060c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    23:27:03.0702 0x060c GEARAspiWDM - ok
    23:27:03.0764 0x060c [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll
    23:27:03.0780 0x060c gpsvc - ok
    23:27:03.0842 0x060c [ 6003BC70F1A8307262BD3C941BDA0B7E, E820EB4B7099687831A67D37F6004A58968D3B89BF7F964848191455E4DA3AF0 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
    23:27:03.0842 0x060c grmnusb - ok
    23:27:04.0014 0x060c [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    23:27:04.0014 0x060c gupdate - ok
    23:27:04.0092 0x060c [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    23:27:04.0092 0x060c gupdatem - ok
    23:27:04.0123 0x060c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:27:04.0123 0x060c gusvc - ok
    23:27:04.0170 0x060c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    23:27:04.0170 0x060c hcw85cir - ok
    23:27:04.0232 0x060c [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    23:27:04.0248 0x060c HdAudAddService - ok
    23:27:04.0294 0x060c [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    23:27:04.0294 0x060c HDAudBus - ok
    23:27:04.0341 0x060c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    23:27:04.0341 0x060c HidBatt - ok
  9. McGixxer

    McGixxer TS Rookie Topic Starter

    23:27:15.0512 0x060c RpcEptMapper - ok
    23:27:15.0543 0x060c [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
    23:27:15.0559 0x060c RpcLocator - ok
    23:27:15.0637 0x060c [ 675C575444AAFD56B4E8A99EF8A570CD, 22B068C69B4FA360601250E003DCBB96FED30966A4D01D29ACAE7A6687C25B6D ] rpcnet C:\Windows\system32\rpcnet.exe
    23:27:15.0637 0x060c rpcnet - ok
  10. McGixxer

    McGixxer TS Rookie Topic Starter

    Part 3

    23:27:27.0306 0x060c wudfsvc - ok
    23:27:27.0353 0x060c [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\Windows\System32\wwansvc.dll
    23:27:27.0369 0x060c WwanSvc - ok
    23:27:27.0462 0x060c [ 881B9164AA223AE22B5D35A6EE454094, A85B3059FDCBF969B3DADDEEA69ED3765F6A264D5EB0624092A154509FD0421F ] XobniService C:\Program Files\Xobni\XobniService.exe
    23:27:27.0462 0x060c XobniService - ok
    23:27:27.0494 0x060c ================ Scan global ===============================
    23:27:27.0540 0x060c [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
    23:27:27.0587 0x060c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
    23:27:27.0603 0x060c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
    23:27:27.0650 0x060c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
    23:27:27.0712 0x060c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
    23:27:27.0712 0x060c [ Global ] - ok
    23:27:27.0728 0x060c ================ Scan MBR ==================================
    23:27:27.0743 0x060c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    23:27:28.0040 0x060c \Device\Harddisk0\DR0 - ok
    23:27:28.0040 0x060c ================ Scan VBR ==================================
    23:27:28.0055 0x060c [ AB0A3AA5E2E18EE56AD478CF925FAC5F ] \Device\Harddisk0\DR0\Partition1
    23:27:28.0055 0x060c \Device\Harddisk0\DR0\Partition1 - ok
    23:27:28.0071 0x060c Waiting for KSN requests completion. In queue: 107
    23:27:29.0085 0x060c Waiting for KSN requests completion. In queue: 107
    23:27:30.0099 0x060c Waiting for KSN requests completion. In queue: 107
    23:27:31.0113 0x060c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
    23:27:31.0113 0x060c Win FW state via NFP2: enabled
    23:27:33.0718 0x060c ============================================================
    23:27:33.0718 0x060c Scan finished
    23:27:33.0718 0x060c ============================================================
    23:27:33.0734 0x02b0 Detected object count: 0
    23:27:33.0734 0x02b0 Actual detected object count: 0
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    That looks clean.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
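    The steps above are all clicked through in a GUI. As an added example (not part of Broni's reply and not code from RogueKiller or MBAR), the PowerShell script below does the pre-flight work a practitioner would want before running a downloaded removal tool with admin rights: confirm the shell is actually elevated, verify the download's Authenticode signature and record its SHA-256, create the restore point Broni asks for, and snapshot the UAC/policy registry values that rogue software tends to flip (the same `EnableLUA`, `ConsentPromptBehaviorAdmin` and `DisableRegistryTools` values RogueKiller reports under "Registry Entries"), so any later "REPLACED" line in the report can be compared against the pre-scan state. It assumes the tool was saved to the Desktop as RogueKiller.exe and is written against the PowerShell 2.0 that ships with Windows 7, which is why the hash is computed by hand rather than with Get-FileHash.

```powershell
# Added example (not from the thread): pre-flight checks before running a downloaded
# removal tool on Windows 7. Assumption: the tool is on the Desktop as RogueKiller.exe.
# Run from an elevated PowerShell prompt; only PowerShell 2.0-era cmdlets are used.
param(
    [string]$ToolPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'RogueKiller.exe')
)

# 1. Confirm we are really elevated; the ARK/MBR scan needs "Run as Administrator".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: right-click PowerShell and choose Run as Administrator.'
}

# 2. Check the download's Authenticode signature before executing it. A file from an
#    unofficial mirror or modified on the wire shows NotSigned / HashMismatch here.
$sig = Get-AuthenticodeSignature -FilePath $ToolPath
if ($sig.Status -ne 'Valid') {
    throw "Refusing to run $ToolPath : signature status is $($sig.Status)"
}
"Signer: $($sig.SignerCertificate.Subject)"

# Record a SHA-256 of the exact binary that was run for the case notes.
# Get-FileHash does not exist on PowerShell 2.0, so use .NET directly.
$sha256 = [Security.Cryptography.SHA256]::Create()
$stream = [IO.File]::OpenRead($ToolPath)
try     { $hash = ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
finally { $stream.Close() }
"SHA256: $hash"

# 3. Create the restore point so a bad cleanup can be rolled back.
Checkpoint-Computer -Description 'Before RogueKiller/MBAR' -RestorePointType 'MODIFY_SETTINGS'

# 4. Snapshot the policy values rogue software (and removal tools) change, so the
#    "REPLACED" entries in the RogueKiller report can be diffed against this state.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$names     = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'DisableRegistryTools'
$before    = Get-ItemProperty -Path $policyKey
foreach ($name in $names) {
    $value = $before.$name
    if ($value -eq $null) { $value = '(not set)' }
    '{0,-28} {1}' -f $name, $value
}
# On a healthy Windows 7 install: EnableLUA=1, ConsentPromptBehaviorAdmin=5 (Windows
# default; RogueKiller writes 2), DisableRegistryTools not set. EnableLUA=0 means UAC
# is off, so everything an admin user launches already runs with a full admin token.
```

Run it once before the RogueKiller scan and once after; if the second run shows different values, the report's "REPLACED" lines explain which ones the tool reset. A signature status other than Valid is a reason to re-download from the vendor's own site rather than to proceed.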
  12. McGixxer

    McGixxer TS Rookie Topic Starter

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 04/14/2014 23:53:52
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Browser Addons : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Windows\system32\apphelp.dll @ 0x751E5E25)
    [Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F809AE)
    [Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F749A1)
    [Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA0731)
    [Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F76395)
    [Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7940E)
    [Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F808ED)
    [Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8E6B3)
    [Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8D395)
    [Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F794AB)
    [Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F76A18)
    [Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73982)
    [Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8D9DA)
    [Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93B52)
    [Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA35E7)
    [Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F753E5)
    [Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F751BF)
    [Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F74EA1)
    [Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F763E6)
    [Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7FCAF)
    [Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2FEB)
    [Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73F9A)
    [Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73F9A)
    [Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA06CC)
    [Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F74BAF)
    [Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F804BC)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80473)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2E7F)
    [Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F805DD)
    [Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80FB1)
    [Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7CD2E)
    [Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F8BF)
    [Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8165D)
    [Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7BF93)
    [Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F77C1F)
    [Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
    [Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2932)
    [Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
    [Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2412)
    [Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7FF21)
    [Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
    [Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA23B1)
    [Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F786E9)
    [Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F806E2)
    [Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7CDB1)
    [Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2350)
    [Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93FBB)
    [Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F83611)
    [Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F839D9)
    [Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA22E4)
    [Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA3172)
    [Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93274)
    [Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA301E)
    [Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA29C4)
    [Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2BD3)
    [Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA320B)
    [Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2B3F)
    [Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F72D57)
    [Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F992)
    [Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F81081)
    [Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7DF46)
    [Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F83CE3)
    [Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F869)
    [Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F72E9A)
    [Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F785)
    [Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F760AB)
    [Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA312B)
    [Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F785B4)
    [Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F773D2)
    [Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93D43)
    [Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA3296)
    [Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80134)
    [Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8CFE6)
    [Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7B176)
    [Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA068D)
    [Address] EAT @iexplore.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F809AE)
    [Address] EAT @iexplore.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F749A1)
    [Address] EAT @iexplore.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA0731)
    [Address] EAT @iexplore.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76395)
    [Address] EAT @iexplore.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7940E)
    [Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F808ED)
    [Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8E6B3)
    [Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D395)
    [Address] EAT @iexplore.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F794AB)
    [Address] EAT @iexplore.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76A18)
    [Address] EAT @iexplore.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73982)
    [Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D9DA)
    [Address] EAT @iexplore.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93B52)
    [Address] EAT @iexplore.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA35E7)
    [Address] EAT @iexplore.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F753E5)
    [Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F751BF)
    [Address] EAT @iexplore.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74EA1)
    [Address] EAT @iexplore.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F763E6)
    [Address] EAT @iexplore.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FCAF)
    [Address] EAT @iexplore.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2FEB)
    [Address] EAT @iexplore.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
    [Address] EAT @iexplore.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
    [Address] EAT @iexplore.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA06CC)
    [Address] EAT @iexplore.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74BAF)
    [Address] EAT @iexplore.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F804BC)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80473)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2E7F)
    [Address] EAT @iexplore.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F805DD)
    [Address] EAT @iexplore.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80FB1)
    [Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CD2E)
    [Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F8BF)
    [Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8165D)
    [Address] EAT @iexplore.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7BF93)
    [Address] EAT @iexplore.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F77C1F)
    [Address] EAT @iexplore.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
    [Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2932)
    [Address] EAT @iexplore.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
    [Address] EAT @iexplore.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2412)
    [Address] EAT @iexplore.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FF21)
    [Address] EAT @iexplore.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
    [Address] EAT @iexplore.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA23B1)
    [Address] EAT @iexplore.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F786E9)
    [Address] EAT @iexplore.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F806E2)
    [Address] EAT @iexplore.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CDB1)
    [Address] EAT @iexplore.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2350)
    [Address] EAT @iexplore.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93FBB)
    [Address] EAT @iexplore.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83611)
    [Address] EAT @iexplore.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F839D9)
    [Address] EAT @iexplore.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA22E4)
    [Address] EAT @iexplore.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3172)
    [Address] EAT @iexplore.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93274)
    [Address] EAT @iexplore.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA301E)
    [Address] EAT @iexplore.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA29C4)
    [Address] EAT @iexplore.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2BD3)
    [Address] EAT @iexplore.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA320B)
    [Address] EAT @iexplore.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2B3F)
    [Address] EAT @iexplore.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72D57)
    [Address] EAT @iexplore.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F992)
    [Address] EAT @iexplore.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F81081)
    [Address] EAT @iexplore.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7DF46)
    [Address] EAT @iexplore.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83CE3)
    [Address] EAT @iexplore.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F869)
    [Address] EAT @iexplore.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72E9A)
    [Address] EAT @iexplore.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F785)
    [Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F760AB)
    [Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA312B)
    [Address] EAT @iexplore.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F785B4)
    [Address] EAT @iexplore.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F773D2)
    [Address] EAT @iexplore.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93D43)
    [Address] EAT @iexplore.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3296)
    [Address] EAT @iexplore.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80134)
    [Address] EAT @iexplore.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8CFE6)
    [Address] EAT @iexplore.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7B176)
    [Address] EAT @iexplore.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA068D)
    [Address] EAT @iexplore.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F809AE)
    [Address] EAT @iexplore.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F749A1)
    [Address] EAT @iexplore.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA0731)
    [Address] EAT @iexplore.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76395)
    [Address] EAT @iexplore.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7940E)
    [Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F808ED)
    [Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8E6B3)
    [Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D395)
    [Address] EAT @iexplore.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F794AB)
    [Address] EAT @iexplore.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76A18)
    [Address] EAT @iexplore.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73982)
    [Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D9DA)
    [Address] EAT @iexplore.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93B52)
    [Address] EAT @iexplore.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA35E7)
    [Address] EAT @iexplore.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F753E5)
    [Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F751BF)
    [Address] EAT @iexplore.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74EA1)
    [Address] EAT @iexplore.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F763E6)
    [Address] EAT @iexplore.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FCAF)
    [Address] EAT @iexplore.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2FEB)
    [Address] EAT @iexplore.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
    [Address] EAT @iexplore.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
    [Address] EAT @iexplore.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA06CC)
    [Address] EAT @iexplore.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74BAF)
    [Address] EAT @iexplore.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F804BC)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80473)
    [Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2E7F)
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-26ZCT0 +++++
    --- User ---
    [MBR] 62a03ea260bf44b62c0615f88e728e8c
    [BSP] 335562380b98f5c4651527779a4b6055 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294695 MB
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606609408 | Size: 9049 MB
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk U3 Cruzer Micro USB Device +++++
    --- User ---
    [MBR] 0f5a61d3103f5cc8aa13d1c06f08e539
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 245 | Size: 1950 MB
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    Finished : << RKreport[0]_D_04142014_235352.txt >>
    RKreport[0]_S_04142014_235301.txt
  13. McGixxer

    McGixxer TS Rookie Topic Starter

    Quick question! Should my Microsoft Security Essentials real-time protection be on or off during all this? At the moment it's on, and I'm waiting for the Mbytes Root Kit to finish.
  14. McGixxer

    McGixxer TS Rookie Topic Starter

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org
    Database version: v2014.04.15.02
    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]
    4/15/2014 12:06:32 AM
    mbar-log-2014-04-15 (00-06-32).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 302918
    Time elapsed: 19 minute(s), 29 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
  15. McGixxer

    McGixxer TS Rookie Topic Starter

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7600 Windows 7 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_30
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 3082801152, free: 1831952384
    No address found
    Downloaded database version: v2014.04.15.02
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    04/15/2014 00:06:23
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8706bac8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007f\
    Lower Device Object: 0xffffffff88316520
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8700b8b8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861f2028
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8700b8b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8700b4f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8700b8b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff861f2028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 93C5EB0E
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 603535360
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606609408 Numsec = 18532352
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8706bac8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff881bb8c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8706bac8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff88316520, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0
    Partition information:
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 245 Numsec = 3995467
    Partition file system is FAT32
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 2047678976 bytes
    Sector size: 512 bytes
    Done!
    Scan finished
    =======================================
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff8706bac8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007f\
    Lower Device Object: 0xffffffff88316520
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8700b8b8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861f2028
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 93C5EB0E
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 603535360
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606609408 Numsec = 18532352
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0
    Partition information:
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 245 Numsec = 3995467
    Partition file system is FAT32
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 2047678976 bytes
    Sector size: 512 bytes
    Done!
  16. McGixxer

    McGixxer TS Rookie Topic Starter

    Restore point is made too
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I'm not seeing too much so far.
    What is the file name/location MSE is complaining about?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Still with me?
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.