Inactive-A DOS/Rovnix.gg virus removal help

Status
Not open for further replies.
M

McGixxer

Posts: 14   +1
I really hope I followed all the instruction correctly. However, I was unable to get DDS to create a log no matter how many times I re-read how to shut everything down that should prevent it from running. So I ran a scan with ZHPDiag instead.

This Virus pops up in Microsoft Security Essentials and can not be removed by it, even when it tells you that it can by rebooting the computer and running it in offline mode.

Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.04.14.09
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
4/14/2014 9:35:56 PM
mbam-log-2014-04-14 (21-35-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306785
Time elapsed: 12 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Last edited:
DDS log (attach.txt)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/8/2009 5:38:49 PM
System Uptime: 4/14/2014 9:07:09 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 148.634 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 600 M602
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet 600 M602
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP1341: 3/10/2014 10:08:36 AM - Configured Microsoft Office Home and Student 2007
RP1342: 3/10/2014 4:55:41 PM - Windows Update
RP1343: 3/11/2014 10:43:43 AM - Configured Microsoft Office Home and Student 2007
RP1344: 3/11/2014 4:04:06 PM - Configured Microsoft Office Home and Student 2007
RP1345: 3/11/2014 4:22:09 PM - Configured Microsoft Office Home and Student 2007
RP1346: 3/11/2014 5:02:14 PM - Windows Update
RP1347: 3/13/2014 8:40:56 AM - Windows Update
RP1348: 3/13/2014 4:51:08 PM - Windows Update
RP1349: 3/14/2014 11:23:17 AM - Windows Update
RP1350: 3/17/2014 8:06:59 AM - Windows Update
RP1351: 3/17/2014 5:03:50 PM - Windows Update
RP1352: 3/18/2014 8:10:33 AM - Windows Update
RP1353: 3/18/2014 5:07:12 PM - Windows Update
RP1354: 3/19/2014 2:09:10 PM - Restore Operation
RP1355: 3/19/2014 3:34:08 PM - Windows Update
RP1356: 3/19/2014 4:38:24 PM - Windows Update
RP1357: 3/20/2014 4:32:50 PM - Configured Microsoft Office Home and Student 2007
RP1358: 3/20/2014 4:47:38 PM - Windows Update
RP1359: 3/21/2014 5:05:26 PM - Windows Update
RP1360: 3/24/2014 5:01:33 PM - Windows Update
RP1361: 3/25/2014 5:12:03 PM - Windows Update
RP1362: 3/26/2014 4:49:05 PM - Windows Update
RP1363: 3/27/2014 4:44:42 PM - Windows Update
RP1364: 3/28/2014 4:46:30 PM - Windows Update
RP1365: 3/31/2014 5:03:01 PM - Windows Update
RP1366: 4/1/2014 9:16:02 AM - Configured Microsoft Office Home and Student 2007
RP1367: 4/1/2014 5:12:02 PM - Windows Update
RP1368: 4/2/2014 4:59:24 PM - Windows Update
RP1369: 4/3/2014 8:37:05 AM - Windows Update
RP1370: 4/3/2014 5:01:09 PM - Windows Update
RP1371: 4/4/2014 2:12:01 PM - Windows Update
RP1372: 4/8/2014 8:16:14 AM - Windows Update
RP1373: 4/8/2014 3:26:09 PM - Configured Microsoft Office Home and Student 2007
RP1374: 4/8/2014 3:32:46 PM - Configured Microsoft Office Home and Student 2007
RP1375: 4/8/2014 5:01:39 PM - Windows Update
RP1377: 4/9/2014 8:50:01 AM - Installed Rapport
RP1378: 4/10/2014 8:20:39 AM - Windows Update
RP1379: 4/11/2014 3:00:21 AM - Windows Update
RP1380: 4/11/2014 8:14:30 AM - Windows Update
RP1381: 4/11/2014 9:47:16 AM - Restore Operation
RP1382: 4/11/2014 11:23:14 AM - Windows Update
RP1384: 4/11/2014 3:06:25 PM - Installed Rapport
RP1386: 4/12/2014 11:49:29 PM - Windows Update
RP1387: 4/13/2014 12:07:46 AM - Windows Update
RP1385: 4/13/2014 12:08:28 AM - Windows Update
RP1388: 4/13/2014 2:05:28 AM - Removed Rapport
RP1389: 4/13/2014 2:21:19 AM - Removed Rapport
RP1390: 4/13/2014 2:31:18 AM - Removed Rapport
RP1391: 4/13/2014 2:40:33 AM - Removed Rapport
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
~ Report of ZHPDiag v2014.4.13.25 - Nicolas Coolman (4/13/2014)
~ Launched by Owner (4/14/2014 10:47:00 PM)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user

---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v34.0.1847.116
OBIE: Safari v5.34.57.2
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.5.0216.0
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 12 ActiveX
Adobe Reader X
---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2940.0 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 149 GB (51%) free of 288 GB
---\\ Connection to the system mode
~ Computer Name: OWNER-PC
~ User Name: Owner
~ All Users Names: Owner, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Owner\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Owner\AppData\Roaming\
~ %Desktop% : C:\Users\Owner\Desktop\
~ %Favorites% : C:\Users\Owner\Favorites\
~ %LocalAppData% : C:\Users\Owner\AppData\Local\
~ %StartMenu% : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 50 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 11:33:07 PM.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/13/2009 - 7:14:45 PM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/21/2013 - 9:38:00 PM.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Windows Logon Application.) (.10/28/2009 - 12:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Software Licensing Library.) (.7/13/2009 - 7:16:15 PM.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/24/2011 - 8:35:40 PM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 7:26:15 PM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 5:11:15 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.7/13/2009 - 5:11:26 PM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.4/26/2011 - 8:33:46 PM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.7/13/2009 - 5:50:56 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.7/13/2009 - 5:11:24 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 5:54:29 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.5/3/2011 - 8:43:41 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.7/13/2009 - 5:12:21 PM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - NT File System Driver.) (.4/12/2013 - 7:58:11 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.7/13/2009 - 5:45:35 PM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/13/2009 - 5:54:34 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 5:53:41 PM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.7/13/2009 - 5:12:11 PM.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.9/6/2012 - 10:48:29 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/285
~ Mes musiques (My Musics) : 1/24
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/409
~ Mes Documents (My Documents) : 3/202
~ Mon Bureau (My Desktop) : 3/41
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 01mn AMs
---\\ Process running
[MD5.1AAD47F9113C168837E73C9E19256F28] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304] [PID.3204]
[MD5.C08EEB50B0CA00F7D272AE94B1531F7D] - (.TOSHIBA - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472] [PID.3160]
[MD5.64BD7D1730E938E571B4375208B7C0BD] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2840]
[MD5.967DCD9F36AAEA34FE859C9B82E6A4B9] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248] [PID.536]
[MD5.886C16114E2C2F8F91710B334692803C] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [304496] [PID.3716]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4344]
[MD5.37CC821DE64DEB7513D65BCA5AE297FD] - (.TOSHIBA Corporation - TosSENotify.exe.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1021272] [PID.5056]
[MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8212992] [PID.8044]
~ Processes Running: Scanned in 01mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.msn.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 11 Legitimates Filtered in 00mn AMs
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@ei.TotalRecipeSearch_14.com/Plugin] - (...) -- C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (.not file.)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.1] - (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll =>.Facebook
~ Firefox Browser: 20 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) (No version) -- (.not file.) =>.Facebook
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.No owner - Provides additional functionality on Facebook. See <a href="http://www.) (No version) -- (.not file.) =>.Facebook
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 15 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 1
---\\ Browser Helper Objects (O2)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 8 Legitimates Filtered in 00mn AMs
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn AMs
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: DYMO Label.lnk . (.DYMO Corporation - DYMO Label Software.) -- C:\Program Files\DYMO Label\Dymolbl.exe
O4 - GS\Desktop [Public]: DYMO Stamps.lnk . (.Endicia Internet Postage - DYMO Printable Postage.) -- C:\Program Files\DYMO Stamps\DYMO Stamps.exe
O4 - GS\Desktop [Public]: QuickBooks Pro 2012.lnk . (.Intuit Inc. - QuickBooks Application.) -- C:\Program Files\Intuit\QuickBooks 2009\QBW32Pro.exe
O4 - GS\Desktop [Public]: QuickFile Florida.lnk . (...) -- C:\Program Files\QuickQuoteA2k2 Runtime\Office10\runaccess.exe
O4 - GS\Desktop [Public]: Recovery Disc Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TRDC Launcher for Vista.) -- C:\Program Files\Toshiba\Toshiba Recovery Disc Creator\TRDCLcher.exe
O4 - GS\Program [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Program [Public]: QuickBooks Financial Center.lnk . (...) -- C:\Program Files\Intuit\QuickBooksFinancialCenter\intro.html
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\Program [Public]: Streamline Bridge.lnk . (...) -- C:\Program Files\Streamline Bridge\Streamline Bridge.exe
O4 - GS\Program [Public]: Transfer Manager.NET.lnk . (.IVANS - IVANS Transfer Manager User Interface..) -- C:\IVANS\TM.NET\TransMan.exe
O4 - GS\Program [Public]: Windows 7 Upgrade Advisor.lnk . (.Microsoft Corporation - Windows 7 Upgrade Advisor.) -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe
O4 - GS\QuickLaunch [Owner]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\QuickLaunch [Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Owner]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Owner]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Owner]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Owner]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Owner]: Auto - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Auto
O4 - GS\Desktop [Owner]: Flood Ins sites - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Flood Ins sites
O4 - GS\Desktop [Owner]: Homeowner Quote file - Shortcut.lnk . (...) -- C:\Users\Owner\Favorites\Homeowner Quote file
O4 - GS\Desktop [Owner]: triathlondominator - Shortcut.lnk . (...) -- C:\Users\Owner\Downloads\triathlondominator.zip
O4 - GS\Desktop [Owner]: Windows Update.lnk . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\system32\wuapp.exe
~ Global Startup: 82 Legitimates Filtered in 02mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Intuit Data Protect.lnk . (.Intuit Inc. - Intuit Data Protect.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TWebCamera] . (.TOSHIBA - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Intuit SyncManager] . (.Intuit Inc. All rights reserved. - IntuitSyncManager.) -- C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.qqsolutions.com
~ IE Zone Confiance: Scanned in 02mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DC29B1CE-4902-4E90-8D00-37F4E4249330}: DhcpDomain = McGixxer.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: !SASWinLogon . (...) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (.not file.)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: QBCFMonitorService (QBCFMonitorService) . (.Intuit - QuickBooks Company File Monitoring Service.) - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: QBIDPService (QBVSS) . (.Intuit Inc. - QBIDPService.) - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
~ Services: 18 Legitimates Filtered in 05mn AMs
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\wallpaper\TOSHIBA-3.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\wallpaper\TOSHIBA-3.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn AMs
---\\ Task Planned Automatically (039)
[MD5.B0EC253506BEE5CC1B004CD0E7A698E9] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [135368] =>Toolbar.Ask
[MD5.1CA0892FF3307DB86486D8FDB1E0698B] [APT] [{CFD08AE2-57B0-43E9-AE71-5E7B12D19BB9}] (...) -- C:\QuickFL\Install.exe [135168]
~ Scheduled Task: 13 Legitimates Filtered in 04mn AMs
 
---\\ Software installed (O42)
O42 - Logiciel: AL3 Download Client - (...) [HKLM] -- {D84DF348-966B-4DDD-BE3A-128BC9129505}
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: Cycling-Secrets v1.0 - (.Catad83.) [HKLM] -- Cycling-Secrets_is1
O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps
O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps.exe
O42 - Logiciel: MeadCo ScriptX (v7.1.0.60 (x86)) - (.Mead & Co Ltd..) [HKLM] -- {BC15EFA7-97B7-43A3-A293-5117EC3C1A86}
O42 - Logiciel: Mr Smooth v1.0 - (.Swim Smooth.) [HKLM] -- Mr Smooth_is1
O42 - Logiciel: MrSmooth - (.Swim Smooth (Swim Smooth UK).) [HKLM] -- {AF81A6CC-F27F-2E0C-8B9A-5F6DA8687E0E}
O42 - Logiciel: Progressive Downloader Plus - (.Progressive Insurance.) [HKCU] -- cf8ca50d45e159d3
O42 - Logiciel: QuickBooks - (.Intuit Inc..) [HKLM] -- {25E202D1-D8E7-46AF-B4B0-157D9993A93E}
O42 - Logiciel: QuickBooks Financial Center - (.Intuit Inc..) [HKLM] -- {890EF3F8-742F-46BD-9E8E-084B3A1F4364}
O42 - Logiciel: QuickBooks Pro 2012 - (.Intuit Inc..) [HKLM] -- {22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}
O42 - Logiciel: QuickFile Florida - (.QuickQuote.) [HKLM] -- QuickFile Florida
O42 - Logiciel: Shop to Win 4 - (...) [HKLM] -- Shop to Win 4 =>Adware.ShopToWin
O42 - Logiciel: TEAM-UP Download - (.Connective Technologies, Inc..) [HKCU] -- TEAM-UP Download
O42 - Logiciel: Total Access Memo 2003 Runtime - (...) [HKLM] -- Total Access Memo 2003 Runtime
O42 - Logiciel: Transfer Manager.NET - (...) [HKLM] -- {287CDCFB-36A4-44A4-9B49-26A95C85B4AD}
~ Logic: 35 Legitimates Filtered in 01mn AMs
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\Endicia]
[HKCU\Software\GNworks]
[HKCU\Software\KZF6cA]
[HKCU\Software\MeadCo]
[HKCU\Software\QuickBooks PDF Converter 3.0]
[HKCU\Software\QuickBooks PDF Converter]
[HKCU\Software\QuickQuote DO NOT DELETE]
[HKCU\Software\Wal-Mart]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Cyclist]
[HKLM\Software\Endicia]
[HKLM\Software\IVANS]
[HKLM\Software\KZF6cA]
[HKLM\Software\MeadCo]
[HKLM\Software\QuickQuote]
[HKLM\Software\Symbience]
[HKLM\Software\TotalRecipeSearch_14EI]
~ Key Software: 381 Legitimates Filtered in 01mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 10/22/2012 - 3:54:46 PM - [3.489] ----D C:\Program Files\Ask.com
O43 - CFD: 3/4/2011 - 4:42:08 PM - [7.027] ----D C:\Program Files\Cycling Secrets
O43 - CFD: 2/25/2014 - 5:31:24 PM - [15.299] ----D C:\Program Files\DYMO Label
O43 - CFD: 4/26/2012 - 4:03:04 PM - [9.240] ----D C:\Program Files\DYMO Stamps
O43 - CFD: 3/28/2013 - 4:43:26 PM - [0.285] ----D C:\Program Files\MeadCo ScriptX
O43 - CFD: 4/15/2011 - 3:03:16 PM - [163.417] ----D C:\Program Files\Midland LifeSolutions
O43 - CFD: 1/17/2012 - 4:38:22 PM - [44.415] ----D C:\Program Files\Mr Smooth
O43 - CFD: 1/17/2012 - 4:38:54 PM - [28.933] ----D C:\Program Files\MrSmooth
O43 - CFD: 11/8/2009 - 6:02:25 PM - [34.633] ----D C:\Program Files\QuickQuote
O43 - CFD: 11/8/2009 - 6:02:27 PM - [18.856] ----D C:\Program Files\QuickQuoteA2k2 Runtime
O43 - CFD: 10/22/2012 - 3:54:36 PM - [0.100] ----D C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner
O43 - CFD: 5/11/2011 - 9:15:11 AM - [0.615] ----D C:\Program Files\Symbience
O43 - CFD: 3/28/2013 - 4:43:27 PM - [6.820] ----D C:\Program Files\Common Files\MeadCo ScriptX
O43 - CFD: 12/20/2011 - 4:55:58 PM - [0] ----D C:\ProgramData\Bomgar-SCC-4EF10069
O43 - CFD: 11/8/2009 - 6:04:09 PM - [0.255] ----D C:\ProgramData\Partner
O43 - CFD: 2/7/2013 - 9:46:36 AM - [0.034] ----D C:\ProgramData\ProgressiveInsurance
O43 - CFD: 10/19/2012 - 11:50:29 AM - [0] ----D C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 3/16/2010 - 11:14:23 AM - [0.015] ----D C:\Users\Owner\AppData\Roaming\DYMO Stamps
O43 - CFD: 12/19/2011 - 11:28:56 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Idelni
O43 - CFD: 1/17/2012 - 4:41:11 PM - [0.000] ----D C:\Users\Owner\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
O43 - CFD: 10/18/2012 - 2:44:09 PM - [0] ----D C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner
O43 - CFD: 6/22/2012 - 8:32:44 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Tutysy
O43 - CFD: 1/6/2014 - 4:32:51 PM - [0.222] ----D C:\Users\Owner\AppData\Local\GNworks
O43 - CFD: 3/20/2014 - 1:02:45 PM - [0] ----D C:\Users\Owner\AppData\Local\IAC
O43 - CFD: 3/4/2011 - 4:42:05 PM - [5.369] ----D C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar
O43 - CFD: 2/7/2013 - 9:45:38 AM - [0.000] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Progressive Insurance
O43 - CFD: 11/24/2009 - 1:18:23 PM - [0.002] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TEAM-UP Download
~ 1181 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1475 Legitimates Filtered in 50mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.316DF50A505C84138DA4551BB65BA937] - 4/11/2014 - 10:22:45 AM ---A- . (...) -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [129296]
O44 - LFC:[MD5.8EC7C02DF8508F9336F9837E33681440] - 4/14/2014 - 4:48:31 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.dll [17408]
O44 - LFC:[MD5.F9B8748B14F1FDCFEC0E78254ED849D7] - 4/14/2014 - 8:08:12 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408]
O44 - LFC:[MD5.697681D23913D175B4DA2849C4F97DE0] - 4/14/2014 - 9:47:19 PM ---A- . (...) -- C:\Windows\win.ini [275]
~ Files: 19 Legitimates Filtered in 02mn AMs
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\GNworks Update [Key] . (...) -- :\Users\Owner\AppData\Local\GNworks\ep0lvraa.dll (.not file.)
O53 - SMSR:HKLM\...\startupreg\QUICKDOWNLOAD [Key] . (.QuickQuote - QuickDownload for QuickFile.) -- C:\QuickFL\QuickDownload\QuickDownload.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/13/2009 - 7:20:28 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.40725D93E5B7806F824715C3211CEDB1] - 7/3/2009 - 11:45:03 AM RSHA- . (...) -- C:\Windows\System32\Drivers\fbd.sys [13]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/13/2009 - 4:54:14 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.CB5D13966F74D7F000724A907F614193] - 5/17/2011 - 3:44:44 PM ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [35776]
O58 - SDL:[MD5.35045BC673E74FE0E8AA89BC16D50FBB] - 12/17/2008 - 8:48:36 PM ---A- . (.01 Communique Laboratory Inc. - RDesktop video mirror driver.) -- C:\Windows\System32\Drivers\rdsdrvdm.sys [27648]
O58 - SDL:[MD5.0D60B8C10A2C5E8DD620B3FDEB1CDA64] - 4/23/2007 - 11:50:50 AM ---A- . (.Windows (R) Codename Longhorn DDK provider - Realtek Utility I/O Driver.) -- C:\Windows\System32\Drivers\RtlProt.sys [25896]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/13/2009 - 7:19:04 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.483EBB6E4E5883180F3555BD70F9CFA2] - 7/3/2009 - 11:44:37 AM RSHA- . (...) -- C:\Windows\System32\Drivers\taishop.sys [4]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 12/13/2012 - 1:50:38 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 3:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 3:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 3:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 3:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 3:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 3:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 3:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 3:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 3:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 3:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 3:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 3:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 3:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 04mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2EF7CAFC-C3FD-4487-882E-879E5DE88ED1} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {75C98131-54C0-4002-B3A9-391BC15BA6E3} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {AD161361-68EB-41ED-8FC6-02F123AB7811} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {EE82F532-66A2-4785-A208-6C8060CD3F56} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.59CA06DE9201457DBA4401016440A88B] [SPRF][8/18/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.EDE73F719C7DB22B8EB1E535963C6134] [SPRF][9/18/2013] (...) -- C:\Users\Owner\AppData\Roaming\wklnhst.dat [4424]
~ Files: 4 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "UDP Query User{AC99B712-7A19-4F3B-B35A-4E776F83CA76}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
O87 - FAEL: "TCP Query User{5DDE23C5-21A1-40D7-A200-F719DE233DF0}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
O87 - FAEL: "UDP Query User{5A14633B-6825-4487-B1B7-A519B94A466B}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
O87 - FAEL: "TCP Query User{4AD48A11-6358-4361-95EB-CBB39C9FAB15}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
O87 - FAEL: "{5BD8D2DA-FF44-496B-AB8D-D22002810D1F}" |In - None - P17 - TRUE | .(...) -- D:\setup\hpznui01.exe (.not file.)
O87 - FAEL: "{0535378D-A0FA-4F09-86B1-0FE1CC9E51BA}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{F41BA4B3-8952-4CEA-B33B-7D5441726757}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{0C0920E4-DE45-47D7-BD44-D0964944AF46}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{64AEA52C-817A-4006-B592-4371566D83DD}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{F2A66A9B-E2B9-462F-BA78-E5916A2FBAB0}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{36A7B2D9-8963-4740-97FF-A91DE2D730EC}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{71B4641F-DB20-4FE9-8D10-1C5F57814726}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{1439BC5B-48DE-493C-9E6B-0F225540F66D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{0E7D93F9-993C-4D2A-864E-E7420F9FB744}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{6259A0DE-CC78-4FCB-8CA3-C1A3E9776F41}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
~ Firewall: 240 Legitimates Filtered in 01mn AMs
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "07A917B4A41Fc5f4095B43B6427BFF1F" . (.Windows 7 Upgrade Advisor.) -- C:\Windows\Installer\{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}\WuaIcon
O90 - PUC: "15CEC5CCF6CBA6841BAABE8254159ABE" . (.Bing Bar.) -- C:\Windows\Installer\{CC5CEC51-BC6F-486A-B1AA-EB284551A9EB}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "7AFE51CB7B793A342A391571CEC3A168" . (.MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\{BC15EFA7-97B7-43A3-A293-5117EC3C1A86}\scriptx.ico
O90 - PUC: "8F3FE098F247DB64E9E880B4A3F13446" . (.QuickBooks Financial Center.) -- C:\Windows\Installer\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_4fd8.ico =>Toolbar.Ask
~ Update Products: 186 Legitimates Filtered in 00mn AMs
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.0698B8D780313EC9D0193A830EFEFA45] [WIS][9/23/2010] (.Midland National - Blank Project Template.) -- C:\Windows\Installer\16e169d.msi [413696]
[MD5.4F27D023E0866265CC6F94D5AC1CC915] [WIS][1/17/2012] (.Swim Smooth (Swim Smooth UK) - MrSmooth.) -- C:\Windows\Installer\19ad4ec.msi [20992]
[MD5.CDA6735D856716E986CC696C529500A3] [WIS][8/11/2009] (.Xobni, Inc. - Xobni Core DLL Installer.) -- C:\Windows\Installer\1b78765.msi [110080]
[MD5.86AB4434F55A5CF91518A6A409686C5C] [WIS][1/17/2013] (.Mead & Co Ltd. - MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\1c7220d.msi [3289088]
[MD5.0952E366FA5A3F55C764671E26751C1B] [WIS][6/28/2013] (.FINIS Inc. - Streamline Bridge.) -- C:\Windows\Installer\1ea99b.msi [30208]
[MD5.A37F36438EEB1CB7C1B99F1D33A5F6A5] [WIS][8/21/2013] (.Trusteer - Rapport.) -- C:\Windows\Installer\22c4d.msi [27512832]
[MD5.EA0A7CBE9AC324AB6C3AE3A534A87F1F] [WIS][5/3/2009] (.Corel Corporation - Blank Project Template.) -- C:\Windows\Installer\3468c.msi [7713792]
[MD5.31CD01FA948F6FBE9037F795E0636D34] [WIS][5/3/2009] (.Intuit Inc. - QuickBooks Financial Center.) -- C:\Windows\Installer\39549.msi [1591808]
[MD5.C53594D201D7D297B404E2DEB2C461BA] [WIS][6/16/2009] (.Realtek - Blank Project Template.) -- C:\Windows\Installer\3afe2.msi [5738496]
[MD5.25C4A5F7A8708BAD15A64E5B8DF333CD] [WIS][8/13/2012] (.Ask.com - Blank Project Template.) -- C:\Windows\Installer\dc1fb9.msi [3809280]
[MD5.5084B956DCCD3E1E0289B6809D79EC64] [WIS][9/10/2009] (.MPM - MPM.) -- C:\Windows\Installer\e35644.msi [144384]
[MD5.559583F3F0F090A5A192DE092222E7C4] [WIS][3/14/2012] (.Intuit Inc. - QuickBooks.) -- C:\Windows\Installer\e4372a.msi [49439284]
~ WIS: 194 Legitimates Filtered in 25mn AMs
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASAPI32 =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASMANCS =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
~ BTK: 367 Legitimates Filtered in 00mn AMs
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
~ BCK: 7524 Legitimates Filtered in 12mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 4/11/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2/15/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 4/16/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
SS - | Auto 2/4/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2/4/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/23/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/14/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 10/19/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 3/14/2012 61440 | (QBFCService) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
SS - | Demand 7/13/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 8/11/2009 39424 | (XobniService) . (.Xobni Corporation.) - C:\Program Files\Xobni\XobniService.exe
SR - | Auto 3/18/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 12/18/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 3/27/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 9/7/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 4/16/2009 20544 | (camsvc) . (.TOSHIBA.) - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
SR - | Auto 8/10/2009 185712 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
SR - | Auto 3/10/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Demand 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 10/19/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 3/11/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 6/5/2012 45056 | (QBCFMonitorService) . (.Intuit.) - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
SR - | Auto 3/14/2012 1248256 | (QBVSS) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
SR - | Auto 1/5/2014 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe
SR - | Auto 2/19/2009 57344 | (RSELSVC) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
SR - | Auto 2/14/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 4/1/2009 62776 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 7/28/2009 128344 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 4/14/2009 176128 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 8/3/2009 111960 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Auto 4/9/2009 656752 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 13mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13044 - (4/13/2014)
Clés trouvées (Keys found) : 51
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 6
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop to Win 4] =>Adware.ShopToWin^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Ask^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner^
C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo^
C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner^
C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\Owner\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\Owner\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\Owner\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
~ Additionnel Scan: 479529 Items scanned in 34mn AMs
---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/32151568-adware-shoptowin =>Adware.ShopToWin
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 10 link(s) detected in 00mn AMs
~ 2666 Legitimates filtered by white list
End of the scan (697 lines in 49mn AMs)(0)
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I hope that's everything, because I sure don't want to waste time or make things harder for anyone kind enough to help complete strangers with a problem. But If I have done something wrong, please let me know and I will try my hardest to get it correct. I'm at my wits end with this virus, I've been trying to remove it for 3 days with no luck.
 
TDDS Log Part 1
23:25:31.0123 0x0e34 TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10
23:25:31.0887 0x0e34 ============================================================
23:25:31.0887 0x0e34 Current date / time: 2014/04/14 23:25:31.0887
23:25:31.0887 0x0e34 SystemInfo:
23:25:31.0887 0x0e34
23:25:31.0887 0x0e34 OS Version: 6.1.7600 ServicePack: 0.0
23:25:31.0887 0x0e34 Product type: Workstation
23:25:31.0887 0x0e34 ComputerName: OWNER-PC
23:25:31.0887 0x0e34 UserName: Owner
23:25:31.0887 0x0e34 Windows directory: C:\Windows
23:25:31.0887 0x0e34 System windows directory: C:\Windows
23:25:31.0887 0x0e34 Processor architecture: Intel x86
23:25:31.0887 0x0e34 Number of processors: 2
23:25:31.0887 0x0e34 Page size: 0x1000
23:25:31.0887 0x0e34 Boot type: Normal boot
23:25:31.0887 0x0e34 ============================================================
23:25:31.0903 0x0e34 BG loaded
23:25:32.0121 0x0e34 System UUID: {77C2BDAB-12BF-08F4-08A4-CA075466D6F2}
23:25:33.0759 0x0e34 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:25:33.0822 0x0e34 ============================================================
23:25:33.0822 0x0e34 \Device\Harddisk0\DR0:
23:25:33.0869 0x0e34 MBR partitions:
23:25:33.0869 0x0e34 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F93800
23:25:33.0869 0x0e34 ============================================================
23:25:33.0915 0x0e34 C: <-> \Device\Harddisk0\DR0\Partition1
23:25:33.0915 0x0e34 ============================================================
23:25:33.0915 0x0e34 Initialize success
23:25:33.0915 0x0e34 ============================================================
23:26:22.0485 0x0f14 ============================================================
23:26:22.0485 0x0f14 Scan started
23:26:22.0485 0x0f14 Mode: Manual;
23:26:22.0485 0x0f14 ============================================================
23:26:22.0485 0x0f14 KSN ping started
23:26:24.0966 0x0f14 KSN ping finished: true
23:26:32.0127 0x0f14 ================ Scan system memory ========================
23:26:32.0127 0x0f14 Scan was interrupted by user!
23:26:32.0486 0x0f14 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
23:26:32.0486 0x0f14 Win FW state via NFP2: enabled
23:26:35.0107 0x0f14 ============================================================
23:26:35.0107 0x0f14 Scan finished
23:26:35.0107 0x0f14 ============================================================
23:26:35.0107 0x0c20 Detected object count: 0
23:26:35.0107 0x0c20 Actual detected object count: 0
23:26:44.0373 0x060c ============================================================
23:26:44.0373 0x060c Scan started
23:26:44.0373 0x060c Mode: Manual;
23:26:44.0373 0x060c ============================================================
23:26:44.0373 0x060c KSN ping started
23:26:46.0947 0x060c KSN ping finished: true
23:26:48.0039 0x060c ================ Scan system memory ========================
23:26:48.0039 0x060c System memory - ok
23:26:48.0039 0x060c ================ Scan services =============================
23:26:48.0476 0x060c [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:26:48.0476 0x060c 1394ohci - ok
23:26:49.0194 0x060c [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:26:49.0194 0x060c ACDaemon - ok
23:26:49.0272 0x060c [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:26:49.0287 0x060c ACPI - ok
23:26:49.0381 0x060c [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:26:49.0396 0x060c AcpiPmi - ok
23:26:50.0114 0x060c [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:26:50.0114 0x060c AdobeARMservice - ok
23:26:50.0551 0x060c [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:26:50.0551 0x060c AdobeFlashPlayerUpdateSvc - ok
23:26:50.0644 0x060c [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:26:50.0676 0x060c adp94xx - ok
23:26:50.0754 0x060c [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:26:50.0754 0x060c adpahci - ok
23:26:50.0800 0x060c [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:26:50.0816 0x060c adpu320 - ok
23:26:50.0894 0x060c [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:26:50.0910 0x060c AeLookupSvc - ok
23:26:51.0081 0x060c [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD C:\Windows\system32\drivers\afd.sys
23:26:51.0081 0x060c AFD - ok
23:26:51.0222 0x060c [ 6416F9B6B220F0A890525C38235AFAD7, C2A643E1BA75CD00C1C7F62475A7122AA95530A835AE62CF0FD9EADFA07B7EBD ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
23:26:51.0222 0x060c AgereModemAudio - ok
23:26:51.0284 0x060c [ 07758C2196A62F207F77556311E7459A, E63C4BE29CA03907FC8E23D65D1D6CF517D22AA7F5C341E42777101AF1CAB2D9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
23:26:51.0315 0x060c AgereSoftModem - ok
23:26:51.0705 0x060c [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:26:51.0705 0x060c agp440 - ok
23:26:52.0126 0x060c [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:26:52.0142 0x060c aic78xx - ok
23:26:52.0329 0x060c [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
23:26:52.0345 0x060c ALG - ok
23:26:52.0454 0x060c [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:26:52.0470 0x060c aliide - ok
23:26:52.0610 0x060c [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
23:26:52.0610 0x060c amdagp - ok
23:26:52.0657 0x060c [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:26:52.0657 0x060c amdide - ok
23:26:52.0766 0x060c [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:26:52.0766 0x060c AmdK8 - ok
23:26:52.0813 0x060c [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:26:52.0813 0x060c AmdPPM - ok
23:26:53.0078 0x060c [ 19CE906B4CDC11FC4FEF5745F33A63B6, 27BF91DB1FDC81CFCF0E0DCFD3C4AD51FCFB778D36F1E83105C2AFCF6851A4DF ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:26:53.0078 0x060c amdsata - ok
23:26:53.0265 0x060c [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:26:53.0265 0x060c amdsbs - ok
23:26:53.0296 0x060c [ 869E67D66BE326A5A9159FBA8746FA70, 8F493A340F19FB39B5BD24EF8603812BECE7770544AB91817FF67236448569CB ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:26:53.0296 0x060c amdxata - ok
23:26:53.0328 0x060c [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID C:\Windows\system32\drivers\appid.sys
23:26:53.0328 0x060c AppID - ok
23:26:53.0421 0x060c [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:26:53.0421 0x060c AppIDSvc - ok
23:26:53.0437 0x060c [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo C:\Windows\System32\appinfo.dll
23:26:53.0437 0x060c Appinfo - ok
23:26:53.0608 0x060c [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:26:53.0608 0x060c Apple Mobile Device - ok
23:26:53.0874 0x060c [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:26:53.0874 0x060c arc - ok
23:26:53.0952 0x060c [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:26:53.0952 0x060c arcsas - ok
23:26:54.0435 0x060c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:26:54.0529 0x060c aspnet_state - ok
23:26:54.0560 0x060c [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:26:54.0560 0x060c AsyncMac - ok
23:26:54.0638 0x060c [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:26:54.0638 0x060c atapi - ok
23:26:54.0763 0x060c [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:26:54.0778 0x060c AudioEndpointBuilder - ok
23:26:54.0825 0x060c [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:26:54.0841 0x060c Audiosrv - ok
23:26:54.0903 0x060c [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:26:54.0919 0x060c AxInstSV - ok
23:26:54.0997 0x060c [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:26:55.0028 0x060c b06bdrv - ok
23:26:55.0153 0x060c [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:26:55.0168 0x060c b57nd60x - ok
23:26:55.0418 0x060c [ 66E66FD5A83C8BBFB791D14246D84015, D1814B71DE284C9806962341888FE0641B2740190AF63FA05FF0EC594F105916 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
23:26:55.0418 0x060c BBSvc - ok
23:26:55.0527 0x060c [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
23:26:55.0527 0x060c BDESVC - ok
23:26:55.0652 0x060c [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
23:26:55.0652 0x060c Beep - ok
23:26:55.0730 0x060c [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE C:\Windows\System32\bfe.dll
23:26:55.0746 0x060c BFE - ok
23:26:55.0839 0x060c [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS C:\Windows\system32\qmgr.dll
23:26:55.0902 0x060c BITS - ok
23:26:55.0933 0x060c [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:26:55.0933 0x060c blbdrive - ok
23:26:56.0073 0x060c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:26:56.0089 0x060c Bonjour Service - ok
23:26:56.0151 0x060c [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:26:56.0151 0x060c bowser - ok
23:26:56.0214 0x060c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:26:56.0214 0x060c BrFiltLo - ok
23:26:56.0229 0x060c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:26:56.0229 0x060c BrFiltUp - ok
23:26:56.0323 0x060c [ A0E691DC6589D4D2CBE373171D1A49E5, 66BAED3EF7AFE0FB4304FC97ABE2BB106ADE1A956F89DCB52E70F30239461D05 ] Browser C:\Windows\System32\browser.dll
23:26:56.0323 0x060c Browser - ok
23:26:56.0370 0x060c [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:26:56.0385 0x060c Brserid - ok
23:26:56.0463 0x060c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:26:56.0463 0x060c BrSerWdm - ok
23:26:56.0588 0x060c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:26:56.0588 0x060c BrUsbMdm - ok
23:26:56.0604 0x060c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:26:56.0604 0x060c BrUsbSer - ok
23:26:56.0635 0x060c [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:26:56.0635 0x060c BTHMODEM - ok
23:26:56.0682 0x060c [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
23:26:56.0697 0x060c bthserv - ok
23:26:56.0947 0x060c [ F1140ED3A1E1D6824A63F27AFD9EEF32, AF40AA352857A4161B500C404B88DEBD41E0A06640393B57CD5FD14E325BBE97 ] camsvc C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
23:26:56.0947 0x060c camsvc - ok
23:26:57.0150 0x060c catchme - ok
23:26:57.0228 0x060c [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:26:57.0228 0x060c cdfs - ok
23:26:57.0306 0x060c [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:26:57.0306 0x060c cdrom - ok
23:26:57.0399 0x060c [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc C:\Windows\System32\certprop.dll
23:26:57.0399 0x060c CertPropSvc - ok
23:26:57.0540 0x060c [ 1F8A319D29394F9CE1B7AE020DF2EBBF, 624D2A19751D50566C4D3292CA627ADE78C2BE5807B37A0C370EF7FE4FE62048 ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
23:26:57.0555 0x060c cfWiMAXService - ok
23:26:57.0618 0x060c [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:26:57.0618 0x060c circlass - ok
23:26:57.0711 0x060c [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
23:26:57.0711 0x060c CLFS - ok
23:26:57.0898 0x060c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:26:57.0914 0x060c clr_optimization_v2.0.50727_32 - ok
23:26:58.0086 0x060c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:26:58.0273 0x060c clr_optimization_v4.0.30319_32 - ok
23:26:58.0304 0x060c [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:26:58.0304 0x060c CmBatt - ok
23:26:58.0382 0x060c [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:26:58.0382 0x060c cmdide - ok
23:26:58.0491 0x060c [ DB5E008B3744DD60C8498CBBF2A1CFA6, 1D851BF2433A953B32438A911D194C9DB42A52CD6E8DA296CA3C8DD2CCA83381 ] CNG C:\Windows\system32\Drivers\cng.sys
23:26:58.0522 0x060c CNG - ok
23:26:58.0585 0x060c [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:26:58.0585 0x060c Compbatt - ok
23:26:58.0647 0x060c [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:26:58.0647 0x060c CompositeBus - ok
23:26:58.0694 0x060c COMSysApp - ok
23:26:58.0756 0x060c [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
23:26:58.0756 0x060c ConfigFree Service - ok
23:26:58.0850 0x060c [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:26:58.0850 0x060c crcdisk - ok
23:26:58.0928 0x060c [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED, 579D206CF49FB78C2D9BA29A9C57489B7875242EB618019CB7B8D336C70A09E6 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:26:58.0928 0x060c CryptSvc - ok
23:26:59.0006 0x060c [ 33E7AB50F87F97ABD9057205E27CB182, CD5139E2ED2652E5EE5E31F43B0EE06971A4490943238C0BA1BA36C02963C245 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
23:26:59.0022 0x060c dc3d - ok
23:26:59.0084 0x060c [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch C:\Windows\system32\rpcss.dll
23:26:59.0100 0x060c DcomLaunch - ok
23:26:59.0146 0x060c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
23:26:59.0162 0x060c defragsvc - ok
23:26:59.0240 0x060c [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:26:59.0256 0x060c DfsC - ok
23:26:59.0396 0x060c [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:26:59.0396 0x060c Dhcp - ok
23:26:59.0458 0x060c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
23:26:59.0458 0x060c discache - ok
23:26:59.0521 0x060c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:26:59.0521 0x060c Disk - ok
23:26:59.0568 0x060c [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:26:59.0583 0x060c Dnscache - ok
23:26:59.0677 0x060c [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc C:\Windows\System32\dot3svc.dll
23:26:59.0677 0x060c dot3svc - ok
23:26:59.0786 0x060c [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:26:59.0786 0x060c Dot4 - ok
23:26:59.0817 0x060c [ C25FEA07A8E7767E8B89AB96A3B96519, 29850207B9FC908AC976C1E0899222538733A0D1C5F9F5EAB2E798A053201431 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:26:59.0817 0x060c Dot4Print - ok
23:26:59.0895 0x060c [ 9F7DE667C505CE6500BECDD8E11644D7, AA9C589980684429DBAF882AB9A197A6894F23B0CB629C7AF3E27B34B61CB6C1 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
23:26:59.0911 0x060c Dot4Scan - ok
23:26:59.0942 0x060c [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:26:59.0942 0x060c dot4usb - ok
23:27:00.0067 0x060c [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS C:\Windows\system32\dps.dll
23:27:00.0067 0x060c DPS - ok
23:27:00.0176 0x060c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:27:00.0176 0x060c drmkaud - ok
23:27:00.0270 0x060c [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:27:00.0285 0x060c DXGKrnl - ok
23:27:00.0379 0x060c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
23:27:00.0379 0x060c EapHost - ok
23:27:00.0597 0x060c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:27:00.0769 0x060c ebdrv - ok
23:27:00.0831 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS C:\Windows\System32\lsass.exe
23:27:00.0847 0x060c EFS - ok
23:27:01.0018 0x060c [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:27:01.0112 0x060c ehRecvr - ok
23:27:01.0174 0x060c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
23:27:01.0174 0x060c ehSched - ok
23:27:01.0268 0x060c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:27:01.0299 0x060c elxstor - ok
23:27:01.0346 0x060c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:27:01.0346 0x060c ErrDev - ok
23:27:01.0455 0x060c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
23:27:01.0471 0x060c EventSystem - ok
23:27:01.0502 0x060c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
23:27:01.0502 0x060c exfat - ok
23:27:01.0611 0x060c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:27:01.0611 0x060c fastfat - ok
23:27:01.0705 0x060c [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax C:\Windows\system32\fxssvc.exe
23:27:01.0720 0x060c Fax - ok
23:27:01.0767 0x060c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:27:01.0767 0x060c fdc - ok
23:27:01.0892 0x060c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
23:27:01.0892 0x060c fdPHost - ok
23:27:01.0954 0x060c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
23:27:01.0954 0x060c FDResPub - ok
23:27:02.0001 0x060c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:27:02.0017 0x060c FileInfo - ok
23:27:02.0032 0x060c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:27:02.0032 0x060c Filetrace - ok
23:27:02.0079 0x060c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:27:02.0079 0x060c flpydisk - ok
23:27:02.0126 0x060c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:27:02.0126 0x060c FltMgr - ok
23:27:02.0204 0x060c [ 7FE4995528A7529A761875151EE3D512, 63F062A8E6AA9AEF39A46E94ADD548C72B4E21C1090DE9CBDCFB3F4489637BAF ] FontCache C:\Windows\system32\FntCache.dll
23:27:02.0251 0x060c FontCache - ok
23:27:02.0360 0x060c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:27:02.0485 0x060c FontCache3.0.0.0 - ok
23:27:02.0485 0x060c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:27:02.0485 0x060c FsDepends - ok
23:27:02.0656 0x060c [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
23:27:02.0688 0x060c fssfltr - ok
23:27:02.0922 0x060c [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:27:03.0078 0x060c fsssvc - ok
23:27:03.0109 0x060c [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:27:03.0109 0x060c Fs_Rec - ok
23:27:03.0187 0x060c [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:27:03.0202 0x060c fvevol - ok
23:27:03.0280 0x060c [ CBC22823628544735625B280665E434E, 6B5A3FE469CACE241F3332E6E6B3D0ACB3C2EB3DF0297C744F5A155992F0B411 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
23:27:03.0280 0x060c FwLnk - ok
23:27:03.0374 0x060c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:27:03.0390 0x060c gagp30kx - ok
23:27:03.0546 0x060c [ 67CF4C2E7477B9A01DF07E38AF293414, 97DE62637E66D8FA5DDE5247270030C362326D073824A3D1CF6056B5CB5C72CB ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
23:27:03.0624 0x060c GameConsoleService - ok
23:27:03.0702 0x060c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:27:03.0702 0x060c GEARAspiWDM - ok
23:27:03.0764 0x060c [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll
23:27:03.0780 0x060c gpsvc - ok
23:27:03.0842 0x060c [ 6003BC70F1A8307262BD3C941BDA0B7E, E820EB4B7099687831A67D37F6004A58968D3B89BF7F964848191455E4DA3AF0 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
23:27:03.0842 0x060c grmnusb - ok
23:27:04.0014 0x060c [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:27:04.0014 0x060c gupdate - ok
23:27:04.0092 0x060c [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:27:04.0092 0x060c gupdatem - ok
23:27:04.0123 0x060c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:27:04.0123 0x060c gusvc - ok
23:27:04.0170 0x060c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:27:04.0170 0x060c hcw85cir - ok
23:27:04.0232 0x060c [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:27:04.0248 0x060c HdAudAddService - ok
23:27:04.0294 0x060c [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:27:04.0294 0x060c HDAudBus - ok
23:27:04.0341 0x060c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:27:04.0341 0x060c HidBatt - ok
23:27:04.0388 0x060c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:27:04.0404 0x060c HidBth - ok
23:27:04.0560 0x060c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:27:04.0560 0x060c HidIr - ok
23:27:04.0684 0x060c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
23:27:04.0684 0x060c hidserv - ok
23:27:04.0778 0x060c [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:27:04.0778 0x060c HidUsb - ok
23:27:04.0872 0x060c [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:27:04.0887 0x060c hkmsvc - ok
23:27:04.0903 0x060c [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:27:04.0903 0x060c HomeGroupListener - ok
23:27:04.0950 0x060c [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:27:04.0950 0x060c HomeGroupProvider - ok
23:27:05.0074 0x060c [ 08457D8F8149757C70CEA59C71EC5D27, DC89AB78F423950E1C1A6B64CE46E6395AA8F43456A70BE1D3A517F568068BA5 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:27:05.0090 0x060c hpqcxs08 - ok
23:27:05.0121 0x060c [ 75CC8C5146A3FB76221A7606628778D5, 2FDD943E22E38083639DF61335DEFE9C38685158D8BF0528834C1B657DC1DE6F ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:27:05.0137 0x060c hpqddsvc - ok
23:27:05.0168 0x060c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:27:05.0168 0x060c HpSAMD - ok
23:27:05.0308 0x060c [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA, D9F31BA67F96EB424AAA91C1CC23A74A74099F7AB0ABBBDE3B46A34C1481DFE6 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:27:05.0340 0x060c HPSLPSVC - ok
23:27:05.0419 0x060c [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:27:05.0434 0x060c HTTP - ok
23:27:05.0481 0x060c [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:27:05.0481 0x060c hwpolicy - ok
23:27:05.0512 0x060c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:27:05.0512 0x060c i8042prt - ok
23:27:05.0606 0x060c [ 01446278D4563B3013C92830AE6CBB26, 68DB91660E46945CAD5AB9767A603D1B750899A0737C538551F01892E755F0ED ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:27:05.0606 0x060c iaStor - ok
23:27:05.0684 0x060c [ 71F1A494FEDF4B33C02C4A6A28D6D9E9, 3AF6B8220E5081C79951979FE59E980C0309C826E201AE286D3B42CD2BA8145F ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:27:05.0699 0x060c iaStorV - ok
23:27:05.0871 0x060c [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:27:05.0871 0x060c IDriverT - ok
23:27:05.0965 0x060c [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:27:06.0043 0x060c idsvc - ok
23:27:06.0448 0x060c [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:27:06.0635 0x060c igfx - ok
23:27:06.0745 0x060c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:27:06.0745 0x060c iirsp - ok
23:27:06.0838 0x060c [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT C:\Windows\System32\ikeext.dll
23:27:06.0854 0x060c IKEEXT - ok
23:27:07.0057 0x060c [ E4A2E810CB2607C9C159C0DFB0BD4C88, 9F84636D1096BD5EFEDC295D289241CCF3BE77C643C83F3C0F105791042D6A08 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:27:07.0119 0x060c IntcAzAudAddService - ok
23:27:07.0166 0x060c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:27:07.0166 0x060c intelide - ok
23:27:07.0244 0x060c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:27:07.0244 0x060c intelppm - ok
23:27:07.0291 0x060c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:27:07.0291 0x060c IPBusEnum - ok
23:27:07.0322 0x060c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:27:07.0337 0x060c IpFilterDriver - ok
23:27:07.0384 0x060c [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:27:07.0400 0x060c iphlpsvc - ok
 
23:27:07.0415 0x060c [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:27:07.0431 0x060c IPMIDRV - ok
23:27:07.0462 0x060c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:27:07.0462 0x060c IPNAT - ok
23:27:07.0540 0x060c [ B21735A057ED5C2811B45DFCE067F4CD, 69D99AB0E5DA580012B6FA634A2DE34A9080411A96C93B6B9A3DC31D4B30BAE3 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:27:07.0587 0x060c iPod Service - ok
23:27:07.0603 0x060c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:27:07.0603 0x060c IRENUM - ok
23:27:07.0634 0x060c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:27:07.0634 0x060c isapnp - ok
23:27:07.0696 0x060c [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:27:07.0696 0x060c iScsiPrt - ok
23:27:07.0743 0x060c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:27:07.0743 0x060c kbdclass - ok
23:27:07.0759 0x060c [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:27:07.0759 0x060c kbdhid - ok
23:27:07.0774 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso C:\Windows\system32\lsass.exe
23:27:07.0774 0x060c KeyIso - ok
23:27:07.0883 0x060c [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:27:07.0899 0x060c KSecDD - ok
23:27:07.0946 0x060c [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:27:07.0961 0x060c KSecPkg - ok
23:27:08.0008 0x060c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:27:08.0024 0x060c KtmRm - ok
23:27:08.0071 0x060c [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer C:\Windows\System32\srvsvc.dll
23:27:08.0086 0x060c LanmanServer - ok
23:27:08.0117 0x060c [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:27:08.0117 0x060c LanmanWorkstation - ok
23:27:08.0180 0x060c [ CB5D13966F74D7F000724A907F614193, 720374DE3C3E930B3C679DEF41A7073477F0C9C3156A0400F2F23672CCFCC981 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
23:27:08.0180 0x060c libusb0 - ok
23:27:08.0242 0x060c [ 6E5DAC168D1FF9843E84A59D51D31107, A847CFEB0D18E7865D483C74560DF67772DCB8EC22DB0F5910F3A68BFA9F3DCD ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:27:08.0242 0x060c LightScribeService - ok
23:27:08.0305 0x060c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:27:08.0305 0x060c lltdio - ok
23:27:08.0367 0x060c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:27:08.0367 0x060c lltdsvc - ok
23:27:08.0383 0x060c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:27:08.0383 0x060c lmhosts - ok
23:27:08.0429 0x060c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:27:08.0429 0x060c LSI_FC - ok
23:27:08.0476 0x060c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:27:08.0476 0x060c LSI_SAS - ok
23:27:08.0523 0x060c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:27:08.0523 0x060c LSI_SAS2 - ok
23:27:08.0554 0x060c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:27:08.0554 0x060c LSI_SCSI - ok
23:27:08.0585 0x060c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
23:27:08.0585 0x060c luafv - ok
23:27:08.0632 0x060c [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:27:08.0632 0x060c Mcx2Svc - ok
23:27:08.0663 0x060c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:27:08.0679 0x060c megasas - ok
23:27:08.0710 0x060c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:27:08.0726 0x060c MegaSR - ok
23:27:08.0773 0x060c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
23:27:08.0773 0x060c MMCSS - ok
23:27:08.0819 0x060c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
23:27:08.0819 0x060c Modem - ok
23:27:08.0882 0x060c [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:27:08.0897 0x060c monitor - ok
23:27:08.0944 0x060c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:27:08.0944 0x060c mouclass - ok
23:27:08.0975 0x060c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:27:08.0991 0x060c mouhid - ok
23:27:09.0007 0x060c [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:27:09.0007 0x060c mountmgr - ok
23:27:09.0100 0x060c [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:27:09.0100 0x060c MpFilter - ok
23:27:09.0147 0x060c [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio C:\Windows\system32\DRIVERS\mpio.sys
23:27:09.0163 0x060c mpio - ok
23:27:09.0209 0x060c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:27:09.0209 0x060c mpsdrv - ok
23:27:09.0272 0x060c [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:27:09.0287 0x060c MpsSvc - ok
23:27:09.0319 0x060c [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:27:09.0334 0x060c MRxDAV - ok
23:27:09.0412 0x060c [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:27:09.0412 0x060c mrxsmb - ok
23:27:09.0475 0x060c [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:27:09.0490 0x060c mrxsmb10 - ok
23:27:09.0521 0x060c [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:27:09.0521 0x060c mrxsmb20 - ok
23:27:09.0568 0x060c [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
23:27:09.0584 0x060c msahci - ok
23:27:09.0599 0x060c [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
23:27:09.0599 0x060c msdsm - ok
23:27:09.0631 0x060c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
23:27:09.0631 0x060c MSDTC - ok
23:27:09.0662 0x060c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:27:09.0662 0x060c Msfs - ok
23:27:09.0677 0x060c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:27:09.0677 0x060c mshidkmdf - ok
23:27:09.0693 0x060c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
23:27:09.0693 0x060c msisadrv - ok
23:27:09.0755 0x060c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:27:09.0755 0x060c MSiSCSI - ok
23:27:09.0771 0x060c msiserver - ok
23:27:09.0818 0x060c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:27:09.0818 0x060c MSKSSRV - ok
23:27:09.0880 0x060c [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:27:09.0880 0x060c MsMpSvc - ok
23:27:09.0911 0x060c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:27:09.0927 0x060c MSPCLOCK - ok
23:27:09.0943 0x060c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:27:09.0943 0x060c MSPQM - ok
23:27:09.0974 0x060c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:27:09.0974 0x060c MsRPC - ok
23:27:10.0036 0x060c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:27:10.0036 0x060c mssmbios - ok
23:27:10.0067 0x060c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:27:10.0067 0x060c MSTEE - ok
23:27:10.0067 0x060c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:27:10.0083 0x060c MTConfig - ok
23:27:10.0099 0x060c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
23:27:10.0099 0x060c Mup - ok
23:27:10.0161 0x060c [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent C:\Windows\system32\qagentRT.dll
23:27:10.0161 0x060c napagent - ok
23:27:10.0208 0x060c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:27:10.0223 0x060c NativeWifiP - ok
23:27:10.0286 0x060c [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:27:10.0364 0x060c NDIS - ok
23:27:10.0395 0x060c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:27:10.0395 0x060c NdisCap - ok
23:27:10.0426 0x060c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:27:10.0426 0x060c NdisTapi - ok
23:27:10.0457 0x060c [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:27:10.0457 0x060c Ndisuio - ok
23:27:10.0473 0x060c [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:27:10.0473 0x060c NdisWan - ok
23:27:10.0489 0x060c [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:27:10.0489 0x060c NDProxy - ok
23:27:10.0535 0x060c [ 69C503C004F49AEE8B8E3067CC047BA7, 0E7A2FB0CC7669E6400EDA4D2220BBB1A85CF3D3529739DA5AE2C073FFA08313 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:27:10.0535 0x060c Net Driver HPZ12 - ok
23:27:10.0598 0x060c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:27:10.0598 0x060c NetBIOS - ok
23:27:10.0629 0x060c [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:27:10.0629 0x060c NetBT - ok
23:27:10.0660 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon C:\Windows\system32\lsass.exe
23:27:10.0676 0x060c Netlogon - ok
23:27:10.0738 0x060c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
23:27:10.0754 0x060c Netman - ok
23:27:10.0832 0x060c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:27:10.0879 0x060c NetMsmqActivator - ok
23:27:10.0894 0x060c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:27:10.0894 0x060c NetPipeActivator - ok
23:27:10.0972 0x060c [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
23:27:10.0988 0x060c netprofm - ok
23:27:11.0019 0x060c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:27:11.0019 0x060c NetTcpActivator - ok
23:27:11.0035 0x060c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:27:11.0035 0x060c NetTcpPortSharing - ok
23:27:11.0097 0x060c [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:27:11.0097 0x060c nfrd960 - ok
23:27:11.0175 0x060c [ FCBC2F48430EB0D7150A6521C0B84ACA, EEFB975E2D1121EE9E93702F2CA2938C99C6B2273616C85816BA15E857E8D4FF ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:27:11.0175 0x060c NisDrv - ok
23:27:11.0237 0x060c [ E4AA07F8BCBCB66EF115C443CD45C7A2, 3B538D9E376F12FC8589BA500BB5E859337CF1856D0E4AA66E2E3B5E301DAEC5 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:27:11.0253 0x060c NisSrv - ok
23:27:11.0315 0x060c [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:27:11.0315 0x060c NlaSvc - ok
23:27:11.0409 0x060c [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:27:11.0409 0x060c Npfs - ok
23:27:11.0471 0x060c [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
23:27:11.0471 0x060c nsi - ok
23:27:11.0487 0x060c [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:27:11.0487 0x060c nsiproxy - ok
23:27:11.0581 0x060c [ A8F59428E9F361C7AC42A94AC1560BC9, 5B056375C8D21E7AE9E2EAC2EF62F5A2D6D0DBB52DD2FC34F9CC35F55C6766A6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:27:11.0627 0x060c Ntfs - ok
23:27:11.0659 0x060c [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
23:27:11.0659 0x060c Null - ok
23:27:11.0674 0x060c [ F1B0BED906F97E16F6D0C3629D2F21C6, 563DE1AF0BE884264FD0D17AAA92EA32A2EACDF1E6C56D038773919D731E110C ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:27:11.0690 0x060c nvraid - ok
23:27:11.0721 0x060c [ 4520B63899E867F354EE012D34E11536, BDFF1033609834F44B0EDBE8B360FD7977D027034C469862385736AEFE8832B7 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:27:11.0721 0x060c nvstor - ok
23:27:11.0752 0x060c [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
23:27:11.0752 0x060c nv_agp - ok
23:27:11.0846 0x060c [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:27:11.0877 0x060c odserv - ok
23:27:11.0908 0x060c [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:27:11.0908 0x060c ohci1394 - ok
23:27:11.0939 0x060c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:27:11.0939 0x060c ose - ok
23:27:12.0189 0x060c [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:27:12.0423 0x060c osppsvc - ok
23:27:12.0501 0x060c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:27:12.0517 0x060c p2pimsvc - ok
23:27:12.0563 0x060c [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
23:27:12.0579 0x060c p2psvc - ok
23:27:12.0610 0x060c [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:27:12.0610 0x060c Parport - ok
23:27:12.0751 0x060c [ 66D3415C159741ADE7038A277EFFF99F, D9853845FE495A546328986718074373EAB0F59538CFE7E604B1A94C8CBE7140 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:27:12.0751 0x060c partmgr - ok
23:27:12.0797 0x060c [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:27:12.0813 0x060c Parvdm - ok
23:27:12.0844 0x060c [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:27:12.0844 0x060c PcaSvc - ok
23:27:12.0875 0x060c [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci C:\Windows\system32\DRIVERS\pci.sys
23:27:12.0875 0x060c pci - ok
23:27:12.0907 0x060c [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
23:27:12.0907 0x060c pciide - ok
23:27:12.0938 0x060c [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:27:12.0938 0x060c pcmcia - ok
23:27:12.0953 0x060c [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
23:27:12.0953 0x060c pcw - ok
23:27:13.0000 0x060c [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:27:13.0016 0x060c PEAUTH - ok
23:27:13.0094 0x060c [ 28F7FFFF50C474CF8BE16A2CACC7CE42, E17F79BD51BED437A02F2E48A73E1DB668D8173996C2193DE15643FE2251E8E7 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
23:27:13.0094 0x060c PGEffect - ok
23:27:13.0203 0x060c [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla C:\Windows\system32\pla.dll
23:27:13.0297 0x060c pla - ok
23:27:13.0343 0x060c [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:27:13.0359 0x060c PlugPlay - ok
23:27:13.0421 0x060c [ 12B4549D515CB26BB8D375038017CA65, B09ED2BED994D2B04862BBF62EF56F110235D3489D3B1762432F22A3A8F97BB8 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:27:13.0421 0x060c Pml Driver HPZ12 - ok
23:27:13.0453 0x060c [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:27:13.0453 0x060c PNRPAutoReg - ok
23:27:13.0515 0x060c [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:27:13.0515 0x060c PNRPsvc - ok
23:27:13.0577 0x060c [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:27:13.0577 0x060c PolicyAgent - ok
23:27:13.0624 0x060c [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power C:\Windows\system32\umpo.dll
23:27:13.0640 0x060c Power - ok
23:27:13.0687 0x060c [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:27:13.0687 0x060c PptpMiniport - ok
23:27:13.0702 0x060c [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:27:13.0718 0x060c Processor - ok
23:27:13.0796 0x060c [ AEA3BDBDBA667AA6F678CB38907E4F5E, AB698DCA117F8D5F22F9CD8D7884147BAB4E0C055B8A487BC035C18ED1634752 ] ProfSvc C:\Windows\system32\profsvc.dll
23:27:13.0796 0x060c ProfSvc - ok
23:27:13.0827 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
23:27:13.0827 0x060c ProtectedStorage - ok
23:27:13.0889 0x060c [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:27:13.0889 0x060c Psched - ok
23:27:13.0921 0x060c [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:27:13.0921 0x060c PxHelp20 - ok
23:27:13.0983 0x060c [ 291E76C02C0994E4E6F1F97A4BCF6C0E, A0EB0354E41C7EAEE50128EA57336A62D332F7745AE9E9F0207C4CE8764C31A1 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
23:27:13.0983 0x060c QBCFMonitorService - ok
23:27:14.0045 0x060c [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
23:27:14.0061 0x060c QBFCService - ok
23:27:14.0170 0x060c [ 1F3EB5363F467AAD7CA467AE26D0E8C4, 9D0B39C0EB09918590190650A711A639F7186B60B2770C0CEE3DFE0DE60CABE9 ] QBVSS C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
23:27:14.0201 0x060c QBVSS - ok
23:27:14.0326 0x060c [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:27:14.0389 0x060c ql2300 - ok
23:27:14.0451 0x060c [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:27:14.0451 0x060c ql40xx - ok
23:27:14.0513 0x060c [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
23:27:14.0513 0x060c QWAVE - ok
23:27:14.0560 0x060c [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:27:14.0560 0x060c QWAVEdrv - ok
23:27:14.0607 0x060c [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:27:14.0607 0x060c RasAcd - ok
23:27:14.0701 0x060c [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:27:14.0701 0x060c RasAgileVpn - ok
23:27:14.0732 0x060c [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
23:27:14.0747 0x060c RasAuto - ok
23:27:14.0794 0x060c [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:27:14.0794 0x060c Rasl2tp - ok
23:27:14.0810 0x060c [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan C:\Windows\System32\rasmans.dll
23:27:14.0825 0x060c RasMan - ok
23:27:14.0841 0x060c [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:27:14.0841 0x060c RasPppoe - ok
23:27:14.0903 0x060c [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:27:14.0903 0x060c RasSstp - ok
23:27:14.0935 0x060c [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:27:14.0935 0x060c rdbss - ok
23:27:14.0981 0x060c [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:27:14.0981 0x060c rdpbus - ok
23:27:15.0013 0x060c [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:27:15.0013 0x060c RDPCDD - ok
23:27:15.0044 0x060c [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:27:15.0044 0x060c RDPENCDD - ok
23:27:15.0091 0x060c [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:27:15.0091 0x060c RDPREFMP - ok
23:27:15.0153 0x060c [ C5B8D47A4688DE9D335204EA757C2240, 2F646466120911B0CA0E331B4959A470E18DFD51C8FAAB69BE0461C31D52DBBE ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:27:15.0169 0x060c RDPWD - ok
23:27:15.0231 0x060c [ 35045BC673E74FE0E8AA89BC16D50FBB, E433CE2809E9E0BE3131D477B1CC3A96416DC3BB8CCE4774F56C3E72FCCC3A72 ] rdsdrvdm C:\Windows\system32\DRIVERS\rdsdrvdm.sys
23:27:15.0231 0x060c rdsdrvdm - ok
23:27:15.0309 0x060c [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:27:15.0309 0x060c rdyboost - ok
23:27:15.0403 0x060c [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:27:15.0403 0x060c RemoteAccess - ok
23:27:15.0481 0x060c [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:27:15.0481 0x060c RemoteRegistry - ok
23:27:15.0512 0x060c [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:27:15.0512 0x060c RpcEptMapper - ok
23:27:15.0543 0x060c [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
23:27:15.0559 0x060c RpcLocator - ok
23:27:15.0637 0x060c [ 675C575444AAFD56B4E8A99EF8A570CD, 22B068C69B4FA360601250E003DCBB96FED30966A4D01D29ACAE7A6687C25B6D ] rpcnet C:\Windows\system32\rpcnet.exe
23:27:15.0637 0x060c rpcnet - ok
 
Part 3

23:27:15.0683 0x060c [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs C:\Windows\system32\rpcss.dll
23:27:15.0699 0x060c RpcSs - ok
23:27:15.0902 0x060c RSELSVC - ok
23:27:15.0980 0x060c [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:27:15.0980 0x060c rspndr - ok
23:27:16.0089 0x060c [ EF8B2AFC3C0751C5E5A59983C8893260, F612ACAD35F6ECC6596003D052B240B7688016FD5D82978727DD408DF36104F3 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
23:27:16.0089 0x060c RSUSBSTOR - ok
23:27:16.0167 0x060c [ D5EDE44CA85899E0478208C8413C1C31, 341BACF35E24745134167CB5D03E24E9B61B083D06086DFDAC20F9F9F4603751 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
23:27:16.0167 0x060c RTL8167 - ok
23:27:16.0292 0x060c [ 470253597930E765DD08B30E723C1FA2, A39E48ED2130D3DB00010F3B8A2F688AA928A1E02064171FFD64F7F0BF402C59 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
23:27:16.0292 0x060c RTL8169 - ok
23:27:16.0401 0x060c [ 949F74CB383A1D5DA67AEA9CCD4A8B87, F3FE508A5EE5AE86351ECB8971651EF1B75CAC4B7CF68EEBE2846285DCAA2099 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
23:27:16.0417 0x060c RTL8187B - ok
23:27:17.0026 0x060c [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64, CC7BBB3B177559190E425F33E00CDA153C87B47AFAA8330361BC6ADA26B2C97B ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
23:27:17.0026 0x060c RtlProt - ok
23:27:17.0198 0x060c RtsUIR - ok
23:27:17.0213 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs C:\Windows\system32\lsass.exe
23:27:17.0213 0x060c SamSs - ok
23:27:17.0276 0x060c [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:27:17.0276 0x060c sbp2port - ok
23:27:17.0400 0x060c [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:27:17.0400 0x060c SCardSvr - ok
23:27:17.0432 0x060c [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:27:17.0432 0x060c scfilter - ok
23:27:17.0650 0x060c [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule C:\Windows\system32\schedsvc.dll
23:27:17.0744 0x060c Schedule - ok
23:27:17.0822 0x060c [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:27:17.0822 0x060c SCPolicySvc - ok
23:27:17.0915 0x060c [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:27:17.0931 0x060c SDRSVC - ok
23:27:18.0071 0x060c [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
23:27:18.0071 0x060c SeaPort - ok
23:27:18.0134 0x060c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:27:18.0134 0x060c secdrv - ok
23:27:18.0134 0x060c [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
23:27:18.0149 0x060c seclogon - ok
23:27:18.0243 0x060c [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
23:27:18.0243 0x060c SENS - ok
23:27:18.0305 0x060c [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:27:18.0305 0x060c SensrSvc - ok
23:27:18.0321 0x060c [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:27:18.0321 0x060c Serenum - ok
23:27:18.0368 0x060c [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:27:18.0368 0x060c Serial - ok
23:27:18.0399 0x060c [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:27:18.0414 0x060c sermouse - ok
23:27:18.0477 0x060c [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv C:\Windows\system32\sessenv.dll
23:27:18.0477 0x060c SessionEnv - ok
23:27:18.0524 0x060c [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:27:18.0524 0x060c sffdisk - ok
23:27:18.0555 0x060c [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:27:18.0570 0x060c sffp_mmc - ok
23:27:18.0586 0x060c [ A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:27:18.0586 0x060c sffp_sd - ok
23:27:18.0602 0x060c [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:27:18.0602 0x060c sfloppy - ok
23:27:18.0664 0x060c [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:27:18.0664 0x060c SharedAccess - ok
23:27:18.0695 0x060c [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:27:18.0695 0x060c ShellHWDetection - ok
23:27:18.0742 0x060c [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
23:27:18.0742 0x060c sisagp - ok
23:27:18.0804 0x060c [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:27:18.0804 0x060c SiSRaid2 - ok
23:27:18.0851 0x060c [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:27:18.0851 0x060c SiSRaid4 - ok
23:27:18.0882 0x060c [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:27:18.0898 0x060c Smb - ok
23:27:18.0929 0x060c [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:27:18.0929 0x060c SNMPTRAP - ok
23:27:18.0929 0x060c [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
23:27:18.0945 0x060c spldr - ok
23:27:19.0038 0x060c [ E17323B0AA9FB3FF9945731D736EDA2F, 65837FC6329A4B2B042B0CDB04F139CA14C2BD1EE0CDB2C7705431E9D97D0597 ] Spooler C:\Windows\System32\spoolsv.exe
23:27:19.0038 0x060c Spooler - ok
23:27:19.0226 0x060c [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc C:\Windows\system32\sppsvc.exe
23:27:19.0288 0x060c sppsvc - ok
23:27:19.0335 0x060c [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:27:19.0350 0x060c sppuinotify - ok
23:27:19.0428 0x060c [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:27:19.0428 0x060c srv - ok
23:27:19.0491 0x060c [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:27:19.0506 0x060c srv2 - ok
23:27:19.0569 0x060c [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:27:19.0569 0x060c srvnet - ok
23:27:19.0616 0x060c [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:27:19.0616 0x060c SSDPSRV - ok
23:27:19.0662 0x060c [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:27:19.0678 0x060c SstpSvc - ok
23:27:19.0725 0x060c [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:27:19.0725 0x060c stexstor - ok
23:27:19.0772 0x060c [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
23:27:19.0787 0x060c StillCam - ok
23:27:19.0865 0x060c [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc C:\Windows\System32\wiaservc.dll
23:27:19.0881 0x060c StiSvc - ok
23:27:19.0912 0x060c [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:27:19.0928 0x060c swenum - ok
23:27:19.0990 0x060c [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
23:27:20.0006 0x060c swprv - ok
23:27:20.0052 0x060c [ 8FE2C9649FFE62143965F8D16B08BE28, 3E6C325CA62059859AE6902ED30C9AB09A8B0E889052AE4210A6A84EF7659FD0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:27:20.0068 0x060c SynTP - ok
23:27:20.0162 0x060c [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain C:\Windows\system32\sysmain.dll
23:27:20.0193 0x060c SysMain - ok
23:27:20.0208 0x060c [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:27:20.0224 0x060c TabletInputService - ok
23:27:20.0255 0x060c [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:27:20.0271 0x060c TapiSrv - ok
23:27:20.0286 0x060c [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
23:27:20.0302 0x060c TBS - ok
23:27:21.0488 0x060c [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:27:21.0534 0x060c Tcpip - ok
23:27:21.0581 0x060c [ BBCEAEFF1FD72A026F827CBB2F4AA8AD, D06B2B340BFF9AB71E2EC1B808079A43A09358495CB583840D79454D4BB1654E ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:27:21.0612 0x060c TCPIP6 - ok
23:27:21.0675 0x060c [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:27:21.0675 0x060c tcpipreg - ok
23:27:21.0722 0x060c [ 4084EA00D50C858D6F9038F86AE2E2D0, FD7C34311B7F700C7C93B9A8A59D507C53ADF874651C6979979EDF5E21C32FD5 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:27:21.0722 0x060c tdcmdpst - ok
23:27:21.0737 0x060c [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:27:21.0737 0x060c TDPIPE - ok
23:27:21.0784 0x060c [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:27:21.0784 0x060c TDTCP - ok
23:27:21.0815 0x060c [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:27:21.0815 0x060c tdx - ok
23:27:21.0846 0x060c [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:27:21.0846 0x060c TermDD - ok
23:27:21.0909 0x060c [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService C:\Windows\System32\termsrv.dll
23:27:21.0940 0x060c TermService - ok
23:27:21.0971 0x060c [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
23:27:21.0971 0x060c Themes - ok
23:27:21.0987 0x060c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
23:27:21.0987 0x060c THREADORDER - ok
23:27:22.0065 0x060c [ FB8448D1B0DA00D70C28ADF9282B31BB, 7342DE5FBCFE6D1B0E916030176A485E8BFD65CD52640807082294D146697DDC ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:27:22.0065 0x060c TMachInfo - ok
23:27:22.0127 0x060c [ FE65D33B7D4FF07DD1D29526A48DF810, E595370FD907734BC24263661C58F9AF7BDAEAE3BABED65A6C0EF837E17A7F68 ] TODDSrv C:\Windows\system32\TODDSrv.exe
23:27:22.0127 0x060c TODDSrv - ok
23:27:22.0205 0x060c [ 4D689051684EB542187395DC14F28A7F, 6A576E11396D33ED6A1D30CC9E60A2A4019E1C61684E7641A30DA1F84C27CFE4 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
23:27:22.0205 0x060c TOSHIBA eco Utility Service - ok
23:27:22.0236 0x060c [ 94ECABE1BA3559214FE6C3CE6C9677EB, A192E7059297FA18E0FF5B3249D5C367365998ABCFFFEF84B7FE6EDF28AC6103 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:27:22.0252 0x060c TOSHIBA HDD SSD Alert Service - ok
23:27:22.0299 0x060c [ 969377943FE7284609BABBAB4E06B93C, 401ABFF0F2157730F8188E1C02C947EB62E9E0BE87DF260C4BCE74F5E8C08A46 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
23:27:22.0314 0x060c tos_sps32 - ok
23:27:22.0392 0x060c [ 507759E00572524834940DAE5CAFF007, 727552F1B37B556049BE6C220C2C744AE84161F67AE839B73917DB5D3FC47088 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
23:27:22.0408 0x060c TPCHSrv - ok
23:27:22.0486 0x060c [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
23:27:22.0502 0x060c TrkWks - ok
23:27:22.0595 0x060c [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:27:22.0611 0x060c TrustedInstaller - ok
23:27:22.0642 0x060c [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:27:22.0642 0x060c tssecsrv - ok
23:27:22.0689 0x060c [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:27:22.0689 0x060c tunnel - ok
23:27:22.0736 0x060c [ FC24015B4052600C324C43E3A79C0664, 908DFC8490079FB3178DEF9D3A712F22E4E39D65092401D1003925FCF65EE4DB ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:27:22.0751 0x060c TVALZ - ok
23:27:22.0798 0x060c [ 009AECD4C19209B09669A6615EA1E889, 58AEB6CEA36EB5B5A1F22392382773E812D22967C9A107FE03A43C899DBF6DD6 ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
23:27:22.0798 0x060c TVALZFL - ok
23:27:22.0845 0x060c [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:27:22.0860 0x060c uagp35 - ok
23:27:22.0923 0x060c [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:27:22.0923 0x060c udfs - ok
23:27:22.0970 0x060c [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:27:22.0970 0x060c UI0Detect - ok
23:27:23.0001 0x060c [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:27:23.0001 0x060c uliagpkx - ok
23:27:23.0048 0x060c [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:27:23.0048 0x060c umbus - ok
23:27:23.0094 0x060c [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:27:23.0094 0x060c UmPass - ok
23:27:23.0141 0x060c [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
23:27:23.0157 0x060c upnphost - ok
23:27:23.0219 0x060c [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:27:23.0219 0x060c USBAAPL - ok
23:27:23.0266 0x060c [ C31AE588E403042632DC796CF09E30B0, 3EA64F9637D6F0AFC9DA70775AC6598828CB289BC1F7B028B3CC22878A443F30 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:27:23.0266 0x060c usbccgp - ok
23:27:23.0266 0x060c USBCCID - ok
23:27:23.0297 0x060c [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:27:23.0297 0x060c usbcir - ok
23:27:23.0344 0x060c [ E4C436D914768CE965D5E659BA7EEBD8, 4FE0B360D2FE4C8B1D3FA5BD9A0E24CA6C186CD99B72EA58F6B669FABB0B1269 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:27:23.0360 0x060c usbehci - ok
23:27:23.0406 0x060c [ BDCD7156EC37448F08633FD899823620, 557A6E8B1CD43213FCCB247DEC9EEBC12F263DA13CFF72DEE724E830F7F22C33 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:27:23.0422 0x060c usbhub - ok
23:27:23.0469 0x060c [ EB2D819A639015253C871CDA09D91D58, E65757F3D162F26012BF9E16ECA0688BBCAE633AFFD1CE07083A3306376A4E82 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:27:23.0469 0x060c usbohci - ok
23:27:23.0500 0x060c [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:27:23.0500 0x060c usbprint - ok
23:27:23.0562 0x060c [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:27:23.0562 0x060c usbscan - ok
23:27:23.0578 0x060c [ 1C4287739A93594E57E2A9E6A3ED7353, FCA7D01D7A699B2C3514FD30D534C9ABA975D4AC2543546D94BEB224834BCA54 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:27:23.0578 0x060c USBSTOR - ok
23:27:23.0625 0x060c [ 22480BF4E5A09192E5E30BA4DDE79FA4, E5CB29CD419009AC0F641E50E8B0E0B7FF6AD68ADB48A959FFD07A37FCF7B9BE ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:27:23.0625 0x060c usbuhci - ok
23:27:23.0687 0x060c [ B5F6A992D996282B7FAE7048E50AF83A, CE8A3096DB78BD7E660A7B544AD3EE25AE747B3A63359D55B480B7FF1B6BEE8B ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:27:23.0703 0x060c usbvideo - ok
23:27:23.0734 0x060c [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
23:27:23.0734 0x060c UxSms - ok
23:27:23.0765 0x060c [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc C:\Windows\system32\lsass.exe
23:27:23.0765 0x060c VaultSvc - ok
23:27:23.0796 0x060c [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:27:23.0796 0x060c vdrvroot - ok
23:27:23.0843 0x060c [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds C:\Windows\System32\vds.exe
23:27:23.0859 0x060c vds - ok
23:27:23.0890 0x060c [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:27:23.0890 0x060c vga - ok
23:27:23.0921 0x060c [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:27:23.0921 0x060c VgaSave - ok
23:27:23.0952 0x060c [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:27:23.0952 0x060c vhdmp - ok
23:27:23.0984 0x060c [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:27:23.0984 0x060c viaagp - ok
23:27:24.0015 0x060c [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:27:24.0015 0x060c ViaC7 - ok
23:27:24.0046 0x060c [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:27:24.0046 0x060c viaide - ok
23:27:24.0077 0x060c [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:27:24.0077 0x060c volmgr - ok
23:27:24.0108 0x060c [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:27:24.0124 0x060c volmgrx - ok
23:27:24.0202 0x060c [ 59F06B4968E58BC83DFC56CA4517960E, F0ACE8D5F30B8C81E4FDE0CEBDBA71A212A3198ED09D92B2B40C48FBB243D3F5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:27:24.0202 0x060c volsnap - ok
23:27:24.0280 0x060c [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:27:24.0280 0x060c vsmraid - ok
23:27:24.0374 0x060c [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS C:\Windows\system32\vssvc.exe
23:27:24.0452 0x060c VSS - ok
23:27:24.0483 0x060c [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:27:24.0483 0x060c vwifibus - ok
23:27:24.0514 0x060c [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:27:24.0514 0x060c vwififlt - ok
23:27:24.0561 0x060c [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
23:27:24.0561 0x060c W32Time - ok
23:27:24.0592 0x060c [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:27:24.0592 0x060c WacomPen - ok
23:27:24.0639 0x060c [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:27:24.0639 0x060c WANARP - ok
23:27:24.0654 0x060c [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:27:24.0654 0x060c Wanarpv6 - ok
23:27:24.0779 0x060c [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:27:24.0826 0x060c WatAdminSvc - ok
23:27:24.0888 0x060c [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine C:\Windows\system32\wbengine.exe
23:27:24.0951 0x060c wbengine - ok
23:27:24.0982 0x060c [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:27:24.0998 0x060c WbioSrvc - ok
23:27:25.0044 0x060c [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:27:25.0076 0x060c wcncsvc - ok
23:27:25.0091 0x060c [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:27:25.0091 0x060c WcsPlugInService - ok
23:27:25.0122 0x060c [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:27:25.0138 0x060c Wd - ok
23:27:25.0200 0x060c [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:27:25.0232 0x060c Wdf01000 - ok
23:27:25.0263 0x060c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:27:25.0263 0x060c WdiServiceHost - ok
23:27:25.0278 0x060c [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:27:25.0278 0x060c WdiSystemHost - ok
23:27:25.0341 0x060c [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient C:\Windows\System32\webclnt.dll
23:27:25.0341 0x060c WebClient - ok
23:27:25.0372 0x060c [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:27:25.0388 0x060c Wecsvc - ok
23:27:25.0419 0x060c [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:27:25.0419 0x060c wercplsupport - ok
23:27:25.0450 0x060c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
23:27:25.0466 0x060c WerSvc - ok
23:27:25.0497 0x060c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:27:25.0497 0x060c WfpLwf - ok
23:27:25.0528 0x060c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:27:25.0528 0x060c WIMMount - ok
23:27:25.0637 0x060c [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:27:25.0668 0x060c WinDefend - ok
23:27:25.0684 0x060c WinHttpAutoProxySvc - ok
23:27:25.0793 0x060c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:27:25.0793 0x060c Winmgmt - ok
23:27:25.0887 0x060c [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM C:\Windows\system32\WsmSvc.dll
23:27:25.0949 0x060c WinRM - ok
23:27:26.0027 0x060c [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:27:26.0027 0x060c WinUsb - ok
23:27:26.0105 0x060c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:27:26.0121 0x060c Wlansvc - ok
23:27:26.0246 0x060c [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:27:26.0261 0x060c wlcrasvc - ok
23:27:26.0433 0x060c [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:27:26.0480 0x060c wlidsvc - ok
23:27:26.0495 0x060c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:27:26.0495 0x060c WmiAcpi - ok
23:27:26.0573 0x060c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:27:26.0573 0x060c wmiApSrv - ok
23:27:26.0698 0x060c [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:27:26.0729 0x060c WMPNetworkSvc - ok
23:27:26.0792 0x060c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:27:26.0792 0x060c WPCSvc - ok
23:27:26.0854 0x060c [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:27:26.0870 0x060c WPDBusEnum - ok
23:27:26.0916 0x060c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:27:26.0916 0x060c ws2ifsl - ok
23:27:26.0963 0x060c [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc C:\Windows\system32\wscsvc.dll
23:27:26.0963 0x060c wscsvc - ok
23:27:26.0979 0x060c WSearch - ok
23:27:27.0104 0x060c [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
23:27:27.0150 0x060c wuauserv - ok
23:27:27.0197 0x060c [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:27:27.0197 0x060c WudfPf - ok
23:27:27.0244 0x060c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:27:27.0244 0x060c WUDFRd - ok
23:27:27.0306 0x060c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:27:27.0306 0x060c wudfsvc - ok
23:27:27.0353 0x060c [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:27:27.0369 0x060c WwanSvc - ok
23:27:27.0462 0x060c [ 881B9164AA223AE22B5D35A6EE454094, A85B3059FDCBF969B3DADDEEA69ED3765F6A264D5EB0624092A154509FD0421F ] XobniService C:\Program Files\Xobni\XobniService.exe
23:27:27.0462 0x060c XobniService - ok
23:27:27.0494 0x060c ================ Scan global ===============================
23:27:27.0540 0x060c [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
23:27:27.0587 0x060c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:27:27.0603 0x060c [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:27:27.0650 0x060c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
23:27:27.0712 0x060c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:27:27.0712 0x060c [ Global ] - ok
23:27:27.0728 0x060c ================ Scan MBR ==================================
23:27:27.0743 0x060c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:27:28.0040 0x060c \Device\Harddisk0\DR0 - ok
23:27:28.0040 0x060c ================ Scan VBR ==================================
23:27:28.0055 0x060c [ AB0A3AA5E2E18EE56AD478CF925FAC5F ] \Device\Harddisk0\DR0\Partition1
23:27:28.0055 0x060c \Device\Harddisk0\DR0\Partition1 - ok
23:27:28.0071 0x060c Waiting for KSN requests completion. In queue: 107
23:27:29.0085 0x060c Waiting for KSN requests completion. In queue: 107
23:27:30.0099 0x060c Waiting for KSN requests completion. In queue: 107
23:27:31.0113 0x060c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
23:27:31.0113 0x060c Win FW state via NFP2: enabled
23:27:33.0718 0x060c ============================================================
23:27:33.0718 0x060c Scan finished
23:27:33.0718 0x060c ============================================================
23:27:33.0734 0x02b0 Detected object count: 0
23:27:33.0734 0x02b0 Actual detected object count: 0
 
That looks clean.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 04/14/2014 23:53:52
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Windows\system32\apphelp.dll @ 0x751E5E25)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F809AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F749A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA0731)
[Address] EAT @explorer.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F76395)
[Address] EAT @explorer.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F808ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F794AB)
[Address] EAT @explorer.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F76A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA35E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F753E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F751BF)
[Address] EAT @explorer.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F74EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F763E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7FCAF)
[Address] EAT @explorer.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F73F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA06CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F74BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F804BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F805DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7BF93)
[Address] EAT @explorer.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F77C1F)
[Address] EAT @explorer.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
[Address] EAT @explorer.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2412)
[Address] EAT @explorer.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7FF21)
[Address] EAT @explorer.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7616C)
[Address] EAT @explorer.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA23B1)
[Address] EAT @explorer.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F786E9)
[Address] EAT @explorer.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F806E2)
[Address] EAT @explorer.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93FBB)
[Address] EAT @explorer.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F83611)
[Address] EAT @explorer.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F839D9)
[Address] EAT @explorer.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA22E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA3172)
[Address] EAT @explorer.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA29C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA320B)
[Address] EAT @explorer.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA2B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F72D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F81081)
[Address] EAT @explorer.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F83CE3)
[Address] EAT @explorer.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F869)
[Address] EAT @explorer.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F72E9A)
[Address] EAT @explorer.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F760AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F785B4)
[Address] EAT @explorer.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F773D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F93D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA3296)
[Address] EAT @explorer.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F80134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F8CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73F7B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FA068D)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F809AE)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F749A1)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA0731)
[Address] EAT @iexplore.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76395)
[Address] EAT @iexplore.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7940E)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F808ED)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8E6B3)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D395)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F794AB)
[Address] EAT @iexplore.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76A18)
[Address] EAT @iexplore.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73982)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D9DA)
[Address] EAT @iexplore.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93B52)
[Address] EAT @iexplore.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA35E7)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F753E5)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F751BF)
[Address] EAT @iexplore.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74EA1)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F763E6)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FCAF)
[Address] EAT @iexplore.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2FEB)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
[Address] EAT @iexplore.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
[Address] EAT @iexplore.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA06CC)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74BAF)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F804BC)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80473)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2E7F)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F805DD)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80FB1)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CD2E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F8BF)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8165D)
[Address] EAT @iexplore.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7BF93)
[Address] EAT @iexplore.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F77C1F)
[Address] EAT @iexplore.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2932)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2412)
[Address] EAT @iexplore.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FF21)
[Address] EAT @iexplore.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA23B1)
[Address] EAT @iexplore.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F786E9)
[Address] EAT @iexplore.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F806E2)
[Address] EAT @iexplore.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CDB1)
[Address] EAT @iexplore.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2350)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93FBB)
[Address] EAT @iexplore.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83611)
[Address] EAT @iexplore.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F839D9)
[Address] EAT @iexplore.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA22E4)
[Address] EAT @iexplore.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3172)
[Address] EAT @iexplore.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93274)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA301E)
[Address] EAT @iexplore.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA29C4)
[Address] EAT @iexplore.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2BD3)
[Address] EAT @iexplore.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA320B)
[Address] EAT @iexplore.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2B3F)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72D57)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F992)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F81081)
[Address] EAT @iexplore.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7DF46)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83CE3)
[Address] EAT @iexplore.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F869)
[Address] EAT @iexplore.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72E9A)
[Address] EAT @iexplore.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F785)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F760AB)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA312B)
[Address] EAT @iexplore.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F785B4)
[Address] EAT @iexplore.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F773D2)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93D43)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3296)
[Address] EAT @iexplore.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80134)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8CFE6)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7B176)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA068D)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F809AE)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F749A1)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA0731)
[Address] EAT @iexplore.exe (BufferedPaintClear) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76395)
[Address] EAT @iexplore.exe (BufferedPaintInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7940E)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F808ED)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8E6B3)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D395)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F794AB)
[Address] EAT @iexplore.exe (CloseThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F76A18)
[Address] EAT @iexplore.exe (DrawThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73982)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8D9DA)
[Address] EAT @iexplore.exe (DrawThemeEdge) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93B52)
[Address] EAT @iexplore.exe (DrawThemeIcon) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA35E7)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F753E5)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F751BF)
[Address] EAT @iexplore.exe (DrawThemeText) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74EA1)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F763E6)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FCAF)
[Address] EAT @iexplore.exe (EnableTheming) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2FEB)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
[Address] EAT @iexplore.exe (EndBufferedPaint) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F73F9A)
[Address] EAT @iexplore.exe (EndPanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA06CC)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F74BAF)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F804BC)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80473)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2E7F)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F805DD)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80FB1)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CD2E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F8BF)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8165D)
[Address] EAT @iexplore.exe (GetThemeBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7BF93)
[Address] EAT @iexplore.exe (GetThemeBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F77C1F)
[Address] EAT @iexplore.exe (GetThemeColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2932)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeFilename) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2412)
[Address] EAT @iexplore.exe (GetThemeFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7FF21)
[Address] EAT @iexplore.exe (GetThemeInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7616C)
[Address] EAT @iexplore.exe (GetThemeIntList) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA23B1)
[Address] EAT @iexplore.exe (GetThemeMargins) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F786E9)
[Address] EAT @iexplore.exe (GetThemeMetric) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F806E2)
[Address] EAT @iexplore.exe (GetThemePartSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7CDB1)
[Address] EAT @iexplore.exe (GetThemePosition) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2350)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93FBB)
[Address] EAT @iexplore.exe (GetThemeRect) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83611)
[Address] EAT @iexplore.exe (GetThemeStream) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F839D9)
[Address] EAT @iexplore.exe (GetThemeString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA22E4)
[Address] EAT @iexplore.exe (GetThemeSysBool) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3172)
[Address] EAT @iexplore.exe (GetThemeSysColor) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93274)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA301E)
[Address] EAT @iexplore.exe (GetThemeSysFont) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA29C4)
[Address] EAT @iexplore.exe (GetThemeSysInt) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2BD3)
[Address] EAT @iexplore.exe (GetThemeSysSize) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA320B)
[Address] EAT @iexplore.exe (GetThemeSysString) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA2B3F)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72D57)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F992)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F81081)
[Address] EAT @iexplore.exe (GetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7DF46)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F83CE3)
[Address] EAT @iexplore.exe (IsAppThemed) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F869)
[Address] EAT @iexplore.exe (IsCompositionActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F72E9A)
[Address] EAT @iexplore.exe (IsThemeActive) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7F785)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F760AB)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA312B)
[Address] EAT @iexplore.exe (IsThemePartDefined) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F785B4)
[Address] EAT @iexplore.exe (OpenThemeData) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F773D2)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F93D43)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA3296)
[Address] EAT @iexplore.exe (SetWindowTheme) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F80134)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F8CFE6)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73F7B176)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : PROPSYS.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x73FA068D)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] 62a03ea260bf44b62c0615f88e728e8c
[BSP] 335562380b98f5c4651527779a4b6055 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294695 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606609408 | Size: 9049 MB
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] 0f5a61d3103f5cc8aa13d1c06f08e539
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 245 | Size: 1950 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
Finished : << RKreport[0]_D_04142014_235352.txt >>
RKreport[0]_S_04142014_235301.txt
 
Quick question! Should my Microsoft Security Essentials real time protection be on or off during all this? At the moment its on, and I'm waiting for the Mbytes Root Kit to finish at the moment
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.04.15.02
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
4/15/2014 12:06:32 AM
mbar-log-2014-04-15 (00-06-32).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 302918
Time elapsed: 19 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3082801152, free: 1831952384
No address found
Downloaded database version: v2014.04.15.02
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
------------ Kernel report ------------
04/15/2014 00:06:23
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\94844205.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\rtlprot.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\rdsdrvdm.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\nsi.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8706bac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff88316520
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8700b8b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff861f2028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8700b8b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8700b4f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8700b8b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861f2028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 93C5EB0E
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 603535360
Partition file system is NTFS
Partition is bootable
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 606609408 Numsec = 18532352
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8706bac8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff881bb8c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8706bac8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88316520, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 245 Numsec = 3995467
Partition file system is FAT32
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2047678976 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8706bac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff88316520
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8700b8b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff861f2028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 93C5EB0E
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 603535360
Partition file system is NTFS
Partition is bootable
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 606609408 Numsec = 18532352
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 245 Numsec = 3995467
Partition file system is FAT32
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2047678976 bytes
Sector size: 512 bytes
Done!
 
I'm not seeing too much so far.
What is the file name/location MSE is complaining about?

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

midian182
Apple unveils M3 chips powering new MacBook Pros and iMac during Scary Fast Halloween...
Replies
7
Views
500
waclark
W
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back