houston we have a problem


brownhornet

My buddy dropped off his computer earlier tonight. I ran a few scans and removed some programs, and in the middle of removing a program I got this lovely pop-up... [image: 0211150014_resized.jpg] I have heard of this hijack scam before so I'm not worried; please advise. BTW, the computer is not connected to the net.


I created a rescue disk (USB) using Avast and did a boot scan, and that ransomware screen is gone. Also installed and scanned using MB. The first scan removed over 300 items, the second scan only 33 I think, but I saved a log for you to look at. Also, the MB that I installed has yet to be updated since the computer is not on the net yet, so I'm guessing there will be more crap on the computer.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/11/2015
Scan Time: 4:17:25 AM
Logfile: scan1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Default

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349463
Time Elapsed: 16 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Downloader.ED, C:\Users\Default.Default-PC\AppData\Roaming\PC Speed Maximizer\WIN6344.exe, 3448, Delete-on-Reboot, [7ac53904d7a5b482e21966d8c041a45c]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 30
PUP.Optional.ArcadeCandy.A, C:\Users\Default.Default-PC\AppData\Local\ArcadeCandy, Delete-on-Reboot, [c7782c11ec90fc3a8b56000a2fd43cc4],
PUP.Optional.ArcadeCandy.A, C:\Users\Default.Default-PC\AppData\Local\ArcadeCandy\games@acandy.com, Quarantined, [c7782c11ec90fc3a8b56000a2fd43cc4],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z, Delete-on-Reboot, [9ea1b588720ad165a0ede52c8f74c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar, Delete-on-Reboot, [9ea1b588720ad165a0ede52c8f74c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\1.bin, Quarantined, [9ea1b588720ad165a0ede52c8f74c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\2.bin, Delete-on-Reboot, [9ea1b588720ad165a0ede52c8f74c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2zEI, Delete-on-Reboot, [5ae5f944c4b883b3e3aa7899c93aa15f],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2zEI\Installr, Delete-on-Reboot, [5ae5f944c4b883b3e3aa7899c93aa15f],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2zEI\Installr\1.bin, Quarantined, [5ae5f944c4b883b3e3aa7899c93aa15f],
PUP.Optional.GiantSavings.A, C:\Users\Default.Default-PC\AppData\Local\Giant Savings, Quarantined, [b28d61dc6a1263d3b3e85eb9d82b56aa],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2z, Delete-on-Reboot, [4ff07fbe423a55e16deb5dbc49ba50b0],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2z\bar, Delete-on-Reboot, [4ff07fbe423a55e16deb5dbc49ba50b0],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2z\bar\Message, Quarantined, [4ff07fbe423a55e16deb5dbc49ba50b0],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2z\Shared, Quarantined, [4ff07fbe423a55e16deb5dbc49ba50b0],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2zEI, Delete-on-Reboot, [47f8f14c433979bd83d5d54423e08f71],
PUP.Optional.MindSpark.A, C:\Users\Default.Default-PC\AppData\LocalLow\Retrogamer_2zEI\Installr, Quarantined, [47f8f14c433979bd83d5d54423e08f71],
PUP.Optional.Babylon.A, C:\Users\Default.Default-PC\AppData\LocalLow\BabylonToolbar, Quarantined, [1e217ebfed8f171ff041d446689bbf41],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$6a71de3469fd99c7b4590cd522ec619c\U, Quarantined, [9fa02a133c40a98d38f7ef12bd436d93],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-21-4263378259-964094001-1927029533-1000\$6a71de3469fd99c7b4590cd522ec619c\U, Quarantined, [b6893effa8d40c2a68c7946df50b9f61],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$6a71de3469fd99c7b4590cd522ec619c\L, Quarantined, [63dc8fae3e3e96a01021738efb05d42c],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-21-4263378259-964094001-1927029533-1000\$6a71de3469fd99c7b4590cd522ec619c\L, Quarantined, [b7880d304d2f47ef5fd250b13bc5a759],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$6a71de3469fd99c7b4590cd522ec619c, Quarantined, [83bceb52ea92b97d11218d74ec147e82],
Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-21-4263378259-964094001-1927029533-1000\$6a71de3469fd99c7b4590cd522ec619c, Quarantined, [5ce3e954a9d3a98da88ae41d11efb34d],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??, Delete-on-Reboot, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??\â°¢â? â¨, Delete-on-Reboot, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?, Delete-on-Reboot, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{6a71de34-69fd-99c7-b459-0cd522ec619c}, Delete-on-Reboot, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{6a71de34-69fd-99c7-b459-0cd522ec619c}\L, Quarantined, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{6a71de34-69fd-99c7-b459-0cd522ec619c}\U, Quarantined, [3d0262db2c50af87d4b825ddcf319e62],
Trojan.0Access, C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install\{6a71de34-69fd-99c7-b459-0cd522ec619c}, Delete-on-Reboot, [c27d86b733499d9998f5b052fa068779],

Files: 2
Trojan.Downloader.ED, C:\Users\Default.Default-PC\AppData\Roaming\PC Speed Maximizer\WIN6344.exe, Delete-on-Reboot, [7ac53904d7a5b482e21966d8c041a45c],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\Retrogamer_2z\bar\2.bin\2zbarsvc.exe, Delete-on-Reboot, [9ea1b588720ad165a0ede52c8f74c33d],

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by brownhornet

Let's try this:

 

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

     


log files:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Default (administrator) on DEFAULT-PC on 11-02-2015 11:40:24
Running from J:\
Loaded Profiles: Default (Available profiles: Default)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exec
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFUyWUMtOTRNQVEtUjRRVkctQUFBQzMtVFVKUVMtS1FPQ1g"&"inst=NzctNjUxODk2MDIwLUZMMTArMS1ERFQrODg5OC1ERDEwRisxLVNUMTBGQVBQKzEtR (the data entry has 149 more characters).
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-25] (Google Inc.)
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\MountPoints2: {3dde84e4-80f9-11dd-9083-806e6f6e6963} - "E:\World of Warcraft Setup.exe"
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\MountPoints2: {96be867e-b1e1-11e4-b064-806e6f6e6963} - J:\LaunchU3.exe -a
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\MountPoints2: {fcde14bd-39c5-11e3-8cd2-002354031316} - J:\windows\AutoRun.exe {430A8AE3-8898-4DAB-8C5B-5E8ADA7D571E} 3.0.0.02 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
Startup: C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4263378259-964094001-1927029533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM -> {8E697CAE-CCED-4561-814C-E9EA621CEF6E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 -> {8E697CAE-CCED-4561-814C-E9EA621CEF6E} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4263378259-964094001-1927029533-1000 -> {8E697CAE-CCED-4561-814C-E9EA621CEF6E} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4263378259-964094001-1927029533-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @Retrogamer_2z.com/Plugin -> C:\Program Files (x86)\Retrogamer_2z\bar\2.bin\NP2zStub.dll No File
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Windows\Downloaded Program Files\npsoe.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-4263378259-964094001-1927029533-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Default.Default-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4263378259-964094001-1927029533-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Default.Default-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: RivalGaming - C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-07-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-05]
FF HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Default.Default-PC\AppData\Local\ArcadeCandy\games@acandy.com

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Retrogamer Plugin Stub) - C:\Program Files (x86)\Retrogamer_2z\bar\2.bin\NP2zStub.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Default.Default-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Default.Default-PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Adblock Plus) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-18]
CHR Extension: (Google Search) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-05-01]
CHR Extension: (Google Wallet) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Hover Zoom) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2012-06-23]
CHR Extension: (Gmail) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-02-14] (Motive Communications, Inc.) [File not signed]
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-25] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S1 aaitnpec; \??\C:\Windows\system32\drivers\aaitnpec.sys [X]
S1 aakcbixx; \??\C:\Windows\system32\drivers\aakcbixx.sys [X]
S1 aakseyra; \??\C:\Windows\system32\drivers\aakseyra.sys [X]
S1 aaoyrtzl; \??\C:\Windows\system32\drivers\aaoyrtzl.sys [X]
S1 aauzykor; \??\C:\Windows\system32\drivers\aauzykor.sys [X]
S1 abakocns; \??\C:\Windows\system32\drivers\abakocns.sys [X]
S1 abawojvx; \??\C:\Windows\system32\drivers\abawojvx.sys [X]
S1 abgiubzh; \??\C:\Windows\system32\drivers\abgiubzh.sys [X]
S1 abvqpxnn; \??\C:\Windows\system32\drivers\abvqpxnn.sys [X]
S1 acalpwrh; \??\C:\Windows\system32\drivers\acalpwrh.sys [X]
S1 acduhfso; \??\C:\Windows\system32\drivers\acduhfso.sys [X]
S1 acgaroke; \??\C:\Windows\system32\drivers\acgaroke.sys [X]
S1 acroctxh; \??\C:\Windows\system32\drivers\acroctxh.sys [X]
S1 acsdjoil; \??\C:\Windows\system32\drivers\acsdjoil.sys [X]
S1 acslaxlr; \??\C:\Windows\system32\drivers\acslaxlr.sys [X]
S1 actmizpc; \??\C:\Windows\system32\drivers\actmizpc.sys [X]
S1 adblgpdu; \??\C:\Windows\system32\drivers\adblgpdu.sys [X]
S1 adirovea; \??\C:\Windows\system32\drivers\adirovea.sys [X]
S1 adklclte; \??\C:\Windows\system32\drivers\adklclte.sys [X]
S1 admpsidu; \??\C:\Windows\system32\drivers\admpsidu.sys [X]
S1 admskhgc; \??\C:\Windows\system32\drivers\admskhgc.sys [X]
S1 adpaoivq; \??\C:\Windows\system32\drivers\adpaoivq.sys [X]
S1 adrcvhju; \??\C:\Windows\system32\drivers\adrcvhju.sys [X]
S1 adzvbqnn; \??\C:\Windows\system32\drivers\adzvbqnn.sys [X]
S1 aebtcggm; \??\C:\Windows\system32\drivers\aebtcggm.sys [X]
S1 aedgprnm; \??\C:\Windows\system32\drivers\aedgprnm.sys [X]
S1 aehxulja; \??\C:\Windows\system32\drivers\aehxulja.sys [X]
S1 aepezbci; \??\C:\Windows\system32\drivers\aepezbci.sys [X]
S1 aevjwvxv; \??\C:\Windows\system32\drivers\aevjwvxv.sys [X]
S1 afcgctnw; \??\C:\Windows\system32\drivers\afcgctnw.sys [X]
S1 afigkgym; \??\C:\Windows\system32\drivers\afigkgym.sys [X]
S1 afktgyim; \??\C:\Windows\system32\drivers\afktgyim.sys [X]
S1 afoipuqm; \??\C:\Windows\system32\drivers\afoipuqm.sys [X]
S1 afzazczk; \??\C:\Windows\system32\drivers\afzazczk.sys [X]
S1 agjrlssq; \??\C:\Windows\system32\drivers\agjrlssq.sys [X]
S1 agsnomje; \??\C:\Windows\system32\drivers\agsnomje.sys [X]
S1 agszpvci; \??\C:\Windows\system32\drivers\agszpvci.sys [X]
S1 ahctjjgt; \??\C:\Windows\system32\drivers\ahctjjgt.sys [X]
S1 ahhgvfuv; \??\C:\Windows\system32\drivers\ahhgvfuv.sys [X]
S1 ahmhlscf; \??\C:\Windows\system32\drivers\ahmhlscf.sys [X]
S1 ahqfknnv; \??\C:\Windows\system32\drivers\ahqfknnv.sys [X]
S1 ahskicvg; \??\C:\Windows\system32\drivers\ahskicvg.sys [X]
S1 aiabwrod; \??\C:\Windows\system32\drivers\aiabwrod.sys [X]
S1 aiazorak; \??\C:\Windows\system32\drivers\aiazorak.sys [X]
S1 aijvtjrj; \??\C:\Windows\system32\drivers\aijvtjrj.sys [X]
S1 ainvzghc; \??\C:\Windows\system32\drivers\ainvzghc.sys [X]
S1 airxxmqq; \??\C:\Windows\system32\drivers\airxxmqq.sys [X]
S1 ajdcvehf; \??\C:\Windows\system32\drivers\ajdcvehf.sys [X]
S1 ajfzucoh; \??\C:\Windows\system32\drivers\ajfzucoh.sys [X]
S1 ajhpygmc; \??\C:\Windows\system32\drivers\ajhpygmc.sys [X]
S1 ajrgdhit; \??\C:\Windows\system32\drivers\ajrgdhit.sys [X]
S1 ajxfxxmw; \??\C:\Windows\system32\drivers\ajxfxxmw.sys [X]
S1 ajzipmun; \??\C:\Windows\system32\drivers\ajzipmun.sys [X]
S1 fafmemvm; \??\C:\Windows\system32\drivers\fafmemvm.sys [X]
S1 fajuhcka; \??\C:\Windows\system32\drivers\fajuhcka.sys [X]
S1 fakatdhf; \??\C:\Windows\system32\drivers\fakatdhf.sys [X]
S1 faoavkmf; \??\C:\Windows\system32\drivers\faoavkmf.sys [X]
S1 fawgrqwd; \??\C:\Windows\system32\drivers\fawgrqwd.sys [X]
S1 fbcjphhm; \??\C:\Windows\system32\drivers\fbcjphhm.sys [X]
S1 fbgdgesq; \??\C:\Windows\system32\drivers\fbgdgesq.sys [X]
S1 fbqulzpu; \??\C:\Windows\system32\drivers\fbqulzpu.sys [X]
S1 fbrmviki; \??\C:\Windows\system32\drivers\fbrmviki.sys [X]
S1 fbvcridf; \??\C:\Windows\system32\drivers\fbvcridf.sys [X]
S1 fbvvwgnb; \??\C:\Windows\system32\drivers\fbvvwgnb.sys [X]
S1 fbwhtfuc; \??\C:\Windows\system32\drivers\fbwhtfuc.sys [X]
S1 fcdbxpiu; \??\C:\Windows\system32\drivers\fcdbxpiu.sys [X]
S1 fcfdrfly; \??\C:\Windows\system32\drivers\fcfdrfly.sys [X]
S1 fcfmqjju; \??\C:\Windows\system32\drivers\fcfmqjju.sys [X]
S1 fchkvtdu; \??\C:\Windows\system32\drivers\fchkvtdu.sys [X]
S1 fcixuubo; \??\C:\Windows\system32\drivers\fcixuubo.sys [X]
S1 fcljiwwn; \??\C:\Windows\system32\drivers\fcljiwwn.sys [X]
S1 fcxuycwj; \??\C:\Windows\system32\drivers\fcxuycwj.sys [X]
S1 fdflbfrr; \??\C:\Windows\system32\drivers\fdflbfrr.sys [X]
S1 fdoyacfv; \??\C:\Windows\system32\drivers\fdoyacfv.sys [X]
S1 fdxoeesl; \??\C:\Windows\system32\drivers\fdxoeesl.sys [X]
S1 febylxdj; \??\C:\Windows\system32\drivers\febylxdj.sys [X]
S1 feczrkjr; \??\C:\Windows\system32\drivers\feczrkjr.sys [X]
S1 fegblocg; \??\C:\Windows\system32\drivers\fegblocg.sys [X]
S1 fehjuqxb; \??\C:\Windows\system32\drivers\fehjuqxb.sys [X]
S1 felmbjht; \??\C:\Windows\system32\drivers\fel


log file #2

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Default at 2015-02-11 11:41:38
Running from J:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version: - )
ATI AVIVO64 Codecs (Version: 10.0.0.31111 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{345D5B2D-5EF9-2BB8-8225-65AD45C9AA19}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.2.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brawl Busters (HKLM-x32\...\Steam App 109410) (Version: - )
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Bullet Run (HKLM-x32\...\Steam App 211880) (Version: - )
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0203.2228.40314 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cook'n Recipe Organizer (HKLM-x32\...\Cook'n Recipe Organizer) (Version: - )
Curse Client (HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.730 - Curse)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: .1707 - CyberLink Corp.)
D1500 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D1500_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
District 187 (HKLM-x32\...\Steam App 221080) (Version: - )
DJ_SF_03_D1500_ProductContext (x32 Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
Dungeons & Dragons Online® (HKLM-x32\...\Steam App 206480) (Version: - )
Embarq Toolbar (HKLM-x32\...\embarqtoolbar) (Version: - )
Enhanced Multimedia Keyboard Solution (HKLM-x32\...\KBD) (Version: - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
EverQuest Free-to-Play (HKLM-x32\...\Steam App 205710) (Version: - )
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
Football Superstars (HKLM-x32\...\Steam App 219870) (Version: - )
Forsaken World (HKLM-x32\...\Steam App 36620) (Version: - )
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{2FD94FBC-07AE-475C-B522-BFE899B9048E}) (Version: 2.4 - GARMIN)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM-x32\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2 - HP) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Demo (HKLM-x32\...\{97ABD26A-3249-46CB-B2E2-F66E64B2E480}) (Version: 1.00.0000 - Hewlett-Packard)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.8.0 - Hewlett-Packard Company)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.92.0 - ATI Technologies Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kids Cam Sticker Factory (HKLM-x32\...\AIMars) (Version: - Smith Micro Software, Inc.)
LibreOffice 3.5 (HKLM-x32\...\{EF790F1C-CB0C-4B95-8C54-60783F3B6661}) (Version: 3.5.4.2 - The Document Foundation)
LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
LightScribeTemplateLabeler (HKLM-x32\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 Trial (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM-x32\...\{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}) (Version: 6.10.050 - muvee Technologies)
My Sirius Studio (HKLM-x32\...\MySiriusStudio) (Version: - )
PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (x32 Version: 6.5.2926 - CyberLink Corp.) Hidden
PSSWCORE (x32 Version: 2.03.0000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.5.2 (HKLM-x32\...\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}) (Version: 2.5.2150 - Python Software Foundation)
RadarSync PC Updater 2011 (HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\RadarSync PC Updater 2011) (Version: - RadarSync Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skins (x32 Version: 2009.0203.2228.40314 - ATI) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrintingOC (x32 Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
sp44626 (HKLM-x32\...\sp44626) (Version: - Hewlett-Packard)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Lord of the Rings Online™ v03.02.05.8032 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.02.05.8032 - Turbine, Inc.)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (HKLM-x32\...\Dual Mode Camera_is1) (Version: - )
Uninstall EMBARQHelp (HKLM\...\EMBARQHelp) (Version: - )
Unity Web Player (HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VideoToolkit01 (x32 Version: 110.0.171.000 - Hewlett-Packard) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.14 - WildTangent)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17055 - Blizzard Entertainment)
Yahoo! Music Jukebox (HKLM-x32\...\Yahoo! Music Engine) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4263378259-964094001-1927029533-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4263378259-964094001-1927029533-1000_Classes\CLSID\{44296ad9-63ae-4948-85a4-65144830345a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4263378259-964094001-1927029533-1000_Classes\CLSID\{eabf9cb4-cbea-4c3d-a33f-b85e830d7321}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

19-10-2013 02:00:40 Windows Update
19-10-2013 23:02:12 Scheduled Checkpoint
20-10-2013 02:00:24 Windows Update
21-10-2013 02:00:29 Windows Update
22-10-2013 02:00:53 Windows Update
23-10-2013 02:00:26 Windows Update
24-10-2013 02:00:32 Windows Update
25-10-2013 02:00:49 Windows Update
25-10-2013 19:10:03 Windows Update
25-10-2013 19:24:14 Windows Update
25-10-2013 20:22:01 Device Driver Package Install: Apple Network adapters
25-10-2013 20:38:39 Windows Update
26-10-2013 02:00:23 Windows Update
27-10-2013 02:00:21 Windows Update
28-10-2013 02:00:25 Windows Update
29-10-2013 02:00:30 Windows Update
30-10-2013 02:00:25 Windows Update
31-10-2013 02:00:33 Windows Update
01-11-2013 02:00:24 Windows Update
02-11-2013 02:00:24 Windows Update
03-11-2013 02:00:24 Windows Update
03-11-2013 03:00:16 Windows Update
04-11-2013 03:00:25 Windows Update
05-11-2013 03:00:27 Windows Update
06-11-2013 03:00:27 Windows Update
07-11-2013 03:00:28 Windows Update
08-11-2013 03:01:01 Windows Update
09-11-2013 03:01:06 Windows Update
10-11-2013 03:00:27 Windows Update
11-11-2013 03:00:26 Windows Update
11-11-2013 17:42:59 Windows Update
11-11-2013 18:19:12 Windows Update
10-02-2015 23:51:30 Removed NVIDIA PhysX
11-02-2015 00:05:43 Removed muvee autoProducer 6.1
11-02-2015 03:53:49 Removed STOPzilla. Available with Windows Installer version 1.2 and later.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03C388D3-3CED-4B2D-8CDD-D70D08FD640C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Default => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {084728B9-4104-4C00-9138-818BB501A6BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000Core => C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {2E05EA37-1F20-4192-BD26-983AE3590B4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-25] (Piriform Ltd)
Task: {3A1DE1AC-D4C7-4E5F-A705-C861AB35548E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {5B1176B9-E697-4663-8201-46BFBF2F6402} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
Task: {80CD46F2-9F71-4BCB-A7A0-6DE5AA4E0282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {80FA0C7F-513D-4DF5-BF90-4EE58EDEDC21} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C1D18E2-2E4B-4960-B686-D314F04E36A4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000UA => C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BCEE25B8-E37C-436A-8DDD-983A7A5F91FD} - System32\Tasks\HPCeeScheduleForDefault => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {C4B492F5-5214-4C42-9947-5D10C13F8AA4} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {C9B961BA-DB6E-4D8A-8B11-E0366AC08587} - System32\Tasks\RGames Updater => C:\Users\Default.Default-PC\AppData\Local\RivalGaming\Updater.exe
Task: {DAE884C1-0C4A-4E20-A0F1-0B1505C99AE2} - System32\Tasks\{BC206A84-9349-4D43-89E2-08B57A9A5188} => pcalua.exe -a E:\Installer.exe -d E:\
Task: {FC2C21A9-9804-4A0E-A189-B3C0327BCBEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {FDEE9F6A-7FC5-4FC6-A0FA-CD37D9A51BC3} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000Core.job => C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000UA.job => C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDefault.job => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RGames Updater.job => C:\Users\Default.Default-PC\AppData\Local\RivalGaming\Updater.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

==================== Loaded Modules (whitelisted) ==============

2012-09-25 10:38 - 2012-09-25 10:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-02-03 21:00 - 2009-02-03 21:00 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\fotcmwix.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gbmlhlom.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\lgrarhws.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\otdfkuws.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\wcnakoye.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:2BDCFAD6
AlternateDataStreams: C:\ProgramData\TEMP:2D5907B8
AlternateDataStreams: C:\ProgramData\TEMP:6E897B76
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4263378259-964094001-1927029533-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk => C:\Windows\pss\ymetray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisor => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\hp\support\hpsysdrv.exe
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KBD => C:\HP\KBD\KbdStub.EXE
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SPMTray => "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
MSCONFIG\startupreg: SSDMonitor => "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
MSCONFIG\startupreg: {10DFCA9E-EFBA-4C73-B7DA-0C827B882010} => rundll32 "C:\Users\Default.Default-PC\AppData\Local\{75F4020C-E2D7-4E46-8FBA-CE678BC38C6C}\{10DFCA9E-EFBA-4C73-B7DA-0C827B882010}\gponnpakpi.dll",DllRegisterServer

==================== Accounts: =============================

Administrator (S-1-5-21-4263378259-964094001-1927029533-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4263378259-964094001-1927029533-1005 - Limited - Enabled)
Default (S-1-5-21-4263378259-964094001-1927029533-1000 - Administrator - Enabled) => C:\Users\Default.Default-PC
Guest (S-1-5-21-4263378259-964094001-1927029533-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/07/2009 03:04:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1192 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/07/2009 02:51:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/07/2009 02:44:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/07/2009 02:44:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/07/2009 02:43:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/07/2009 02:43:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-02-11 11:41:33.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:33.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:33.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:32.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:32.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:32.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:31.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 11:41:31.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 04:24:24.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-11 04:24:24.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 4094.33 MB
Available physical RAM: 2393.48 MB
Total Pagefile: 8413.95 MB
Available Pagefile: 6814.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:452.98 GB) (Free:183.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.78 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (WOW5.0.0_d2) (CDROM) (Total:7.74 GB) (Free:0 GB) UDF
Drive j: () (Removable) (Total:14.63 GB) (Free:12.64 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14.6 GB) (Disk ID: EB302EC7)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=0C)

==================== End Of Log ============================

Link to comment
Share on other sites

This is bad....

I want you to run this FRST script, then we'll do a follow-up with a different tool.

Running from J:\

We'll either have to make very sure you can place the fixlog in this directory, or move FRST to the desktop.

~~~~~~~~~~`

Please go to your J:\ drive, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 

 


 

 

start

CloseProcesses:

HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...VFVKUVMtS1FPQ1g"&"inst=NzctNjUxODk2MDIwLUZMMTArMS1ERFQrODg5OC1ERDEwRisxLVNUMTBGQVBQKzEtR (the data entry has 149 more characters).

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?

HKU\S-1-5-21-4263378259-964094001-1927029533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-4263378259-964094001-1927029533-1000 -> {8E697CAE-CCED-4561-814C-E9EA621CEF6E} URL =

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @Retrogamer_2z.com/Plugin -> C:\Program Files (x86)\Retrogamer_2z\bar\2.bin\NP2zStub.dll No File

FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Windows\Downloaded Program Files\npsoe.dll No File

FF HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Default.Default-PC\AppData\Local\ArcadeCandy\games@acandy.com

S3 X6va006; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\0065E3E.tmp [X]

2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj

2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn

2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv

2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi

2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\yfvak0WHK

2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\0T8zl5vCxiD

2013-11-11 17:37 - 2013-11-11 17:37 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\CWXBihIoFg

2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\gn91ks2V

2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\HWUuC9unFv9

2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\k2OKvzz9tza

2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\XNWU5ouMAK

2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\ProgramData\1hjraqyzKyk

2011-04-25 00:31 - 2011-04-25 00:31 - 0000336 ____H () C:\ProgramData\47177480

2013-11-11 17:37 - 2013-11-11 17:37 - 0300544 _____ () C:\ProgramData\6Qo79AE6PIC

2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\ProgramData\7KJ0cOFTaAF

2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\ProgramData\vxJFYSOVoV

2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\ProgramData\xxNMbgiw

2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\ProgramData\zvEh2lD778

2011-04-25 00:32 - 2011-04-25 00:32 - 0000120 ____H () C:\ProgramData\~47177480

2011-04-25 00:32 - 2011-04-25 00:32 - 0000136 ____H () C:\ProgramData\~47177480r

ZeroAccess:

C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install

C:\Users\Default.Default-PC\AppData\Local\Temp\11366151302323.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\notepad.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\Player_Setup.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\Quarantine.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\sqlite3.dll

C:\Users\Default.Default-PC\AppData\Local\Temp\Uninstaller-5236.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\_is4D35.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\_is703F.exe

C:\Users\Default.Default-PC\AppData\Local\Temp\_is8804.exe

Task: {5B1176B9-E697-4663-8201-46BFBF2F6402} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

Task: {FDEE9F6A-7FC5-4FC6-A0FA-CD37D9A51BC3} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe

Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe

AlternateDataStreams: C:\Windows\system32\Drivers\fotcmwix.sys:changelist

AlternateDataStreams: C:\Windows\system32\Drivers\gbmlhlom.sys:changelist

AlternateDataStreams: C:\Windows\system32\Drivers\lgrarhws.sys:changelist

AlternateDataStreams: C:\Windows\system32\Drivers\otdfkuws.sys:changelist

AlternateDataStreams: C:\Windows\system32\Drivers\wcnakoye.sys:changelist

AlternateDataStreams: C:\ProgramData\TEMP:2BDCFAD6

AlternateDataStreams: C:\ProgramData\TEMP:2D5907B8

AlternateDataStreams: C:\ProgramData\TEMP:6E897B76

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

C:\Users\Default.Default-PC\AppData\Local\{75F4020C-E2D7-4E46-8FBA-CE678BC38C6C}\{10DFCA9E-EFBA-4C73-B7DA-0C827B882010}\gponnpakpi.dll

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~~~~~~`

 

Malwarebytes Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

please post

Fixlog.txt

mbar-log

Link to comment
Share on other sites

Not sure how or why, but I couldn't figure out how to install MB as per your instructions. I downloaded and ran it anyway and it found no malware.

Scan log from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Default at 2015-02-11 14:25:59 Run:1
Running from C:\Users\Default.Default-PC\Desktop
Loaded Profiles: Default (Available profiles: Default)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...VFVKUVMtS1FPQ1g"&"inst=NzctNjUxODk2MDIwLUZMMTArMS1ERFQrODg5OC1ERDEwRisxLVNUMTBGQVBQKzEtR (the data entry has 149 more characters).
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4263378259-964094001-1927029533-1000 -> {8E697CAE-CCED-4561-814C-E9EA621CEF6E} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @Retrogamer_2z.com/Plugin -> C:\Program Files (x86)\Retrogamer_2z\bar\2.bin\NP2zStub.dll No File
FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Windows\Downloaded Program Files\npsoe.dll No File
FF HKU\S-1-5-21-4263378259-964094001-1927029533-1000\...\Firefox\Extensions: [games@acandy.com] - C:\Users\Default.Default-PC\AppData\Local\ArcadeCandy\games@acandy.com
S3 X6va006; \??\C:\Users\DEFAUL~1.DEF\AppData\Local\Temp\0065E3E.tmp [X]
2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj
2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn
2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv
2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi
2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\yfvak0WHK
2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\0T8zl5vCxiD
2013-11-11 17:37 - 2013-11-11 17:37 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\CWXBihIoFg
2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\gn91ks2V
2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\HWUuC9unFv9
2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Local\k2OKvzz9tza
2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Local\XNWU5ouMAK
2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\ProgramData\1hjraqyzKyk
2011-04-25 00:31 - 2011-04-25 00:31 - 0000336 ____H () C:\ProgramData\47177480
2013-11-11 17:37 - 2013-11-11 17:37 - 0300544 _____ () C:\ProgramData\6Qo79AE6PIC
2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\ProgramData\7KJ0cOFTaAF
2013-11-11 18:09 - 2013-11-11 18:09 - 0299520 _____ () C:\ProgramData\vxJFYSOVoV
2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\ProgramData\xxNMbgiw
2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\ProgramData\zvEh2lD778
2011-04-25 00:32 - 2011-04-25 00:32 - 0000120 ____H () C:\ProgramData\~47177480
2011-04-25 00:32 - 2011-04-25 00:32 - 0000136 ____H () C:\ProgramData\~47177480r
ZeroAccess:
C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install
C:\Users\Default.Default-PC\AppData\Local\Temp\11366151302323.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\notepad.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\Player_Setup.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\sqlite3.dll
C:\Users\Default.Default-PC\AppData\Local\Temp\Uninstaller-5236.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\_is4D35.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\_is703F.exe
C:\Users\Default.Default-PC\AppData\Local\Temp\_is8804.exe
Task: {5B1176B9-E697-4663-8201-46BFBF2F6402} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
Task: {FDEE9F6A-7FC5-4FC6-A0FA-CD37D9A51BC3} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
AlternateDataStreams: C:\Windows\system32\Drivers\fotcmwix.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\gbmlhlom.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\lgrarhws.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\otdfkuws.sys:changelist
AlternateDataStreams: C:\Windows\system32\Drivers\wcnakoye.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:2BDCFAD6
AlternateDataStreams: C:\ProgramData\TEMP:2D5907B8
AlternateDataStreams: C:\ProgramData\TEMP:6E897B76
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
C:\Users\Default.Default-PC\AppData\Local\{75F4020C-E2D7-4E46-8FBA-CE678BC38C6C}\{10DFCA9E-EFBA-4C73-B7DA-0C827B882010}\gponnpakpi.dll
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-4263378259-964094001-1927029533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4263378259-964094001-1927029533-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E697CAE-CCED-4561-814C-E9EA621CEF6E}" => Key deleted successfully.
HKCR\CLSID\{8E697CAE-CCED-4561-814C-E9EA621CEF6E} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Retrogamer_2z.com/Plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@soe.sony.com/installer,version=1.0.3" => Key deleted successfully.
HKU\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Mozilla\Firefox\Extensions\\games@acandy.com => value deleted successfully.
X6va006 => Service deleted successfully.
C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj => Moved successfully.
C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn => Moved successfully.
C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv => Moved successfully.
C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi => Moved successfully.
C:\Users\Default.Default-PC\AppData\Roaming\yfvak0WHK => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\0T8zl5vCxiD => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\CWXBihIoFg => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\gn91ks2V => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\HWUuC9unFv9 => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\k2OKvzz9tza => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\XNWU5ouMAK => Moved successfully.
C:\ProgramData\1hjraqyzKyk => Moved successfully.
C:\ProgramData\47177480 => Moved successfully.
C:\ProgramData\6Qo79AE6PIC => Moved successfully.
C:\ProgramData\7KJ0cOFTaAF => Moved successfully.
C:\ProgramData\vxJFYSOVoV => Moved successfully.
C:\ProgramData\xxNMbgiw => Moved successfully.
C:\ProgramData\zvEh2lD778 => Moved successfully.
C:\ProgramData\~47177480 => Moved successfully.
C:\ProgramData\~47177480r => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\Default.Default-PC\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\11366151302323.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\notepad.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\Player_Setup.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\Uninstaller-5236.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\_is4D35.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\_is703F.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Temp\_is8804.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B1176B9-E697-4663-8201-46BFBF2F6402}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B1176B9-E697-4663-8201-46BFBF2F6402}" => Key deleted successfully.
C:\Windows\System32\Tasks\RMSchedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMSchedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDEE9F6A-7FC5-4FC6-A0FA-CD37D9A51BC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDEE9F6A-7FC5-4FC6-A0FA-CD37D9A51BC3}" => Key deleted successfully.
C:\Windows\System32\Tasks\RMAutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMAutoUpdate" => Key deleted successfully.
C:\Windows\Tasks\RMAutoUpdate.job => Moved successfully.
C:\Windows\Tasks\RMSchedule.job => Moved successfully.
C:\Windows\system32\Drivers\fotcmwix.sys => ":changelist" ADS removed successfully.
C:\Windows\system32\Drivers\gbmlhlom.sys => ":changelist" ADS removed successfully.
C:\Windows\system32\Drivers\lgrarhws.sys => ":changelist" ADS removed successfully.
C:\Windows\system32\Drivers\otdfkuws.sys => ":changelist" ADS removed successfully.
C:\Windows\system32\Drivers\wcnakoye.sys => ":changelist" ADS removed successfully.
C:\ProgramData\TEMP => ":2BDCFAD6" ADS removed successfully.
C:\ProgramData\TEMP => ":2D5907B8" ADS removed successfully.
C:\ProgramData\TEMP => ":6E897B76" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Users\Default.Default-PC\AppData\Local\{75F4020C-E2D7-4E46-8FBA-CE678BC38C6C}\{10DFCA9E-EFBA-4C73-B7DA-0C827B882010}\gponnpakpi.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 313.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:26:49 ====


You know, if we get this computer cleaned it will be near a miracle, because this machine has/had 3 really bad infections that don't always come off. Then again, at times it leaves damage behind.

Let's see if we can get ComboFix to run.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:

Link 1

Link 2

Link 3

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:

    Launch Safari

    Go to general settings menu

    Then in Preferences / Advanced

    Then on the line "Proxies" click "Change Settings ..."

    Click Internet Options, then click the Connections tab, click Network Settings.

    Disable (uncheck) the option for the use of a proxy server ...

~~~~~~~~~~~~~~~~~~

everything ran smoothly.

scan log:

ComboFix 15-02-09.01 - Default 02/12/2015 4:23.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2381 [GMT -8:00]
Running from: c:\users\Default.Default-PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Default.Default-PC\AppData\Local\._Revolution_
c:\users\Default.Default-PC\Desktop\Setup.exe
c:\windows\desktop
c:\windows\desktop\Cook'n Recipe Organizer.lnk
c:\windows\PFRO.log
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-01-12 to 2015-02-12 )))))))))))))))))))))))))))))))
.
.
2015-02-12 12:38 . 2015-02-12 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-12 12:38 . 2015-02-12 12:38 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\programdata\ATI
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files\ATI
2015-02-12 06:02 . 2015-02-12 06:06 -------- d-----w- c:\program files\ATI Technologies
2015-02-12 05:31 . 2015-02-12 05:31 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\AVAST Software
2015-02-12 05:29 . 2015-02-12 05:28 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-02-12 05:29 . 2015-02-12 05:28 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-12 05:29 . 2015-02-12 05:28 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-12 05:29 . 2015-02-12 05:30 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-12 05:29 . 2015-02-12 05:28 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-12 05:29 . 2015-02-12 05:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-12 05:29 . 2015-02-12 05:28 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-02-12 05:29 . 2015-02-12 05:30 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-12 05:28 . 2015-02-12 05:28 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-02-12 05:28 . 2015-02-12 05:28 43152 ----a-w- c:\windows\avastSS.scr
2015-02-12 05:25 . 2015-02-12 05:25 -------- d-----w- c:\program files\AVAST Software
2015-02-12 04:12 . 2015-02-12 12:05 -------- d-----w- c:\windows\system32\catroot2
2015-02-12 04:02 . 2015-02-12 04:02 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-02-12 03:26 . 2015-02-12 03:26 -------- d-----w- C:\RegBackup
2015-02-12 03:22 . 2015-02-12 03:22 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-02-11 22:48 . 2015-02-12 03:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-11 22:06 . 2012-11-01 19:31 882792 ----a-w- c:\windows\system32\rtl8192cu.sys
2015-02-11 22:06 . 2012-11-01 19:31 882792 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2015-02-11 22:05 . 2015-02-11 22:05 -------- d-----w- c:\programdata\TP-LINK
2015-02-11 19:40 . 2015-02-11 22:26 -------- d-----w- C:\FRST
2015-02-11 13:33 . 2015-02-11 13:33 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\SUPERAntiSpyware.com
2015-02-11 13:33 . 2015-02-11 13:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-02-11 13:33 . 2015-02-11 13:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-02-11 13:32 . 2015-02-12 06:17 -------- d-----w- c:\programdata\Auslogics
2015-02-11 13:32 . 2015-02-12 06:17 -------- d-----w- c:\program files (x86)\Auslogics
2015-02-11 13:28 . 2015-02-12 05:25 -------- d-----w- c:\programdata\AVAST Software
2015-02-11 12:02 . 2015-02-12 03:14 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 12:01 . 2015-02-12 03:13 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-11 12:01 . 2015-02-11 12:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-11 12:01 . 2014-11-21 14:14 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-11 12:01 . 2014-11-21 14:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-11 11:37 . 2015-02-11 21:11 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\U3
2015-02-11 08:05 . 2015-02-11 08:42 -------- d-----w- c:\programdata\InstallShield
2015-02-11 07:07 . 2015-02-11 21:07 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-11 22:26 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-11 22:16 . 2012-06-14 13:11 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-11 22:16 . 2011-06-04 19:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-12 5227112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AFD
*Deregistered* - amdkmdag
*Deregistered* - aswHwid
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswRvrt
*Deregistered* - aswSnx
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswVmm
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - XAudio
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-11 22:37 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 22:16]
.
2015-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000Core.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000UA.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2013-06-08 c:\windows\Tasks\HPCeeScheduleForDefault.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2002-08-27 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-12 05:28 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2015-02-12 04:43:18
ComboFix-quarantined-files.txt 2015-02-12 12:43
.
Pre-Run: 197,904,674,816 bytes free
Post-Run: 196,119,990,272 bytes free
.
- - End Of File - - A6776AC015DB1466AAC77DFAF356B6D9
03BA8F890B47C0BE359A4D5A636D214D


Let's check for something deeper.

Also, tell me what the computer is doing now.

Download the latest version of TDSSKiller from here and save it to your Desktop.

Or from here

http://www.bleepingcomputer.com/download/tdsskiller/dl/4/

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


well for the better part of yesterday i have been updating drivers like the video card driver since this computer has been neglected a ton. i did a scannow file scan and there are some damaged files associated with windows "sidebar", not sure if this is due to it being infected. it seems to be running ok, kinda slow but i guess it could be from it being 5 years old. also i noticed that if i enter the same address in the infected computer and my personal one i get 2 different sites, example: tried going to HP site for drivers, entered same address on both computers and get HP site but not exact same page

scan log:

11:08:04.0025 0x0da4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:08:08.0986 0x0da4 ============================================================
11:08:08.0986 0x0da4 Current date / time: 2015/02/12 11:08:08.0986
11:08:08.0986 0x0da4 SystemInfo:
11:08:08.0986 0x0da4
11:08:08.0986 0x0da4 OS Version: 6.0.6002 ServicePack: 2.0
11:08:08.0986 0x0da4 Product type: Workstation
11:08:08.0986 0x0da4 ComputerName: DEFAULT-PC
11:08:08.0986 0x0da4 UserName: Default
11:08:08.0986 0x0da4 Windows directory: C:\Windows
11:08:08.0986 0x0da4 System windows directory: C:\Windows
11:08:08.0986 0x0da4 Running under WOW64
11:08:08.0986 0x0da4 Processor architecture: Intel x64
11:08:08.0986 0x0da4 Number of processors: 2
11:08:08.0986 0x0da4 Page size: 0x1000
11:08:08.0986 0x0da4 Boot type: Normal boot
11:08:08.0986 0x0da4 ============================================================
11:08:09.0142 0x0da4 KLMD registered as C:\Windows\system32\drivers\25351510.sys
11:08:09.0438 0x0da4 System UUID: {3639A352-87F7-E1A9-E091-3DE6B72CBAD2}
11:08:09.0984 0x0da4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:08:10.0016 0x0da4 ============================================================
11:08:10.0016 0x0da4 \Device\Harddisk0\DR0:
11:08:10.0016 0x0da4 MBR partitions:
11:08:10.0016 0x0da4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x389F6A7E
11:08:10.0016 0x0da4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x389F6ABD, BlocksNum 0x198E184
11:08:10.0016 0x0da4 ============================================================
11:08:10.0078 0x0da4 C: <-> \Device\Harddisk0\DR0\Partition1
11:08:10.0140 0x0da4 D: <-> \Device\Harddisk0\DR0\Partition2
11:08:10.0140 0x0da4 ============================================================
11:08:10.0140 0x0da4 Initialize success
11:08:10.0140 0x0da4 ============================================================
11:08:52.0026 0x10f0 ============================================================
11:08:52.0026 0x10f0 Scan started
11:08:52.0026 0x10f0 Mode: Manual; SigCheck; TDLFS;
11:08:52.0026 0x10f0 ============================================================
11:08:52.0026 0x10f0 KSN ping started
11:09:05.0973 0x10f0 KSN ping finished: true
11:09:06.0956 0x10f0 ================ Scan system memory ========================
11:09:06.0956 0x10f0 System memory - ok
11:09:06.0956 0x10f0 ================ Scan services =============================
11:09:07.0034 0x10f0 [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:09:07.0143 0x10f0 !SASCORE - ok
11:09:07.0346 0x10f0 aaitnpec - ok
11:09:07.0346 0x10f0 aakcbixx - ok
11:09:07.0361 0x10f0 aakseyra - ok
11:09:07.0361 0x10f0 aaoyrtzl - ok
11:09:07.0377 0x10f0 aauzykor - ok
11:09:07.0377 0x10f0 abakocns - ok
11:09:07.0439 0x10f0 abawojvx - ok
11:09:07.0455 0x10f0 abgiubzh - ok
11:09:07.0455 0x10f0 abvqpxnn - ok
11:09:07.0470 0x10f0 acalpwrh - ok
11:09:07.0470 0x10f0 acduhfso - ok
11:09:07.0517 0x10f0 acgaroke - ok
11:09:07.0626 0x10f0 [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI C:\Windows\system32\drivers\acpi.sys
11:09:07.0658 0x10f0 ACPI - ok
11:09:07.0658 0x10f0 acroctxh - ok
11:09:07.0689 0x10f0 acsdjoil - ok
11:09:07.0689 0x10f0 acslaxlr - ok
11:09:07.0704 0x10f0 actmizpc - ok
11:09:07.0704 0x10f0 adblgpdu - ok
11:09:07.0704 0x10f0 adirovea - ok
11:09:07.0720 0x10f0 adklclte - ok
11:09:07.0736 0x10f0 admpsidu - ok
11:09:07.0736 0x10f0 admskhgc - ok
11:09:07.0845 0x10f0 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:09:07.0860 0x10f0 AdobeFlashPlayerUpdateSvc - ok
11:09:07.0923 0x10f0 [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:09:07.0954 0x10f0 adp94xx - ok
11:09:08.0001 0x10f0 [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:09:08.0016 0x10f0 adpahci - ok
11:09:08.0032 0x10f0 adpaoivq - ok
11:09:08.0063 0x10f0 [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
11:09:08.0079 0x10f0 adpu160m - ok
11:09:08.0094 0x10f0 [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:09:08.0110 0x10f0 adpu320 - ok
11:09:08.0157 0x10f0 adrcvhju - ok
11:09:08.0235 0x10f0 adzvbqnn - ok
11:09:08.0235 0x10f0 aebtcggm - ok
11:09:08.0250 0x10f0 aedgprnm - ok
11:09:08.0250 0x10f0 aehxulja - ok
11:09:08.0282 0x10f0 [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:09:08.0313 0x10f0 AeLookupSvc - ok
11:09:08.0313 0x10f0 aepezbci - ok
11:09:08.0328 0x10f0 aevjwvxv - ok
11:09:08.0328 0x10f0 afcgctnw - ok
11:09:08.0391 0x10f0 [ C4F6CE6087760AD70960C9EB130E7943, A2812502096FCA8CA8003DA34967CE7030CDEDC1D3B466F3A93C99EBACA4A2FE ] AFD C:\Windows\system32\drivers\afd.sys
11:09:08.0422 0x10f0 AFD - ok
11:09:08.0422 0x10f0 afigkgym - ok
11:09:08.0438 0x10f0 afktgyim - ok
11:09:08.0438 0x10f0 afoipuqm - ok
11:09:08.0438 0x10f0 afzazczk - ok
11:09:08.0453 0x10f0 agjrlssq - ok
11:09:08.0484 0x10f0 [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:09:08.0500 0x10f0 agp440 - ok
11:09:08.0500 0x10f0 agsnomje - ok
11:09:08.0562 0x10f0 agszpvci - ok
11:09:08.0578 0x10f0 ahctjjgt - ok
11:09:08.0578 0x10f0 ahhgvfuv - ok
11:09:08.0594 0x10f0 ahmhlscf - ok
11:09:08.0594 0x10f0 ahqfknnv - ok
11:09:08.0594 0x10f0 ahskicvg - ok
11:09:08.0609 0x10f0 aiabwrod - ok
11:09:08.0625 0x10f0 aiazorak - ok
11:09:08.0672 0x10f0 [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:09:08.0687 0x10f0 aic78xx - ok
11:09:08.0703 0x10f0 aijvtjrj - ok
11:09:08.0703 0x10f0 ainvzghc - ok
11:09:08.0718 0x10f0 airxxmqq - ok
11:09:08.0734 0x10f0 ajdcvehf - ok
11:09:08.0734 0x10f0 ajfzucoh - ok
11:09:08.0734 0x10f0 ajhpygmc - ok
11:09:08.0750 0x10f0 ajrgdhit - ok
11:09:08.0750 0x10f0 ajxfxxmw - ok
11:09:08.0765 0x10f0 ajzipmun - ok
11:09:08.0765 0x10f0 akcathmx - ok
11:09:08.0781 0x10f0 akdrjctj - ok
11:09:08.0781 0x10f0 akeexlog - ok
11:09:08.0796 0x10f0 akiafucy - ok
11:09:08.0796 0x10f0 akmergnj - ok
11:09:08.0812 0x10f0 alcpgikt - ok
11:09:08.0812 0x10f0 alffhwbk - ok
11:09:08.0828 0x10f0 [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG C:\Windows\System32\alg.exe
11:09:08.0874 0x10f0 ALG - ok
11:09:08.0890 0x10f0 alhirycg - ok
11:09:08.0921 0x10f0 [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide C:\Windows\system32\drivers\aliide.sys
11:09:08.0921 0x10f0 aliide - ok
11:09:08.0937 0x10f0 alklhxya - ok
11:09:08.0952 0x10f0 alkndprw - ok
11:09:08.0952 0x10f0 almtyzia - ok
11:09:08.0968 0x10f0 alzfnobt - ok
11:09:08.0968 0x10f0 amafadqp - ok
11:09:08.0984 0x10f0 amaqvwrn - ok
11:09:09.0015 0x10f0 [ DDEA39A56B801A675E118429AF6A30D2, D61A702E8777514A6926D1D5EB180F33C6317871013B355E7C17FE37C14C5D7F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:09:09.0046 0x10f0 AMD External Events Utility - ok
11:09:09.0093 0x10f0 [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide C:\Windows\system32\drivers\amdide.sys
11:09:09.0108 0x10f0 amdide - ok
11:09:09.0186 0x10f0 [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:09:09.0218 0x10f0 AmdK8 - ok
11:09:09.0701 0x10f0 [ 7F2BDD27F3611041D6B0D6C565A748A7, F74A3589253AAEDAFB15D5C439771339FC3B78B1CE51409A630822B653D4885D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:09:10.0903 0x10f0 amdkmdag - ok
11:09:11.0013 0x10f0 [ 8E2A3479CF4E871F37D0F023692E6694, BE995D5679ABEF800E24208A068C44A10607305A8C328FF29A11DCAAB4D18FBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:09:11.0044 0x10f0 amdkmdap - ok
11:09:11.0075 0x10f0 amhnvjni - ok
11:09:11.0137 0x10f0 amjbvlry - ok
11:09:11.0137 0x10f0 amjjrcjv - ok
11:09:11.0153 0x10f0 amwrbvga - ok
11:09:11.0200 0x10f0 andjcdxw - ok
11:09:11.0200 0x10f0 anxmweak - ok
11:09:11.0200 0x10f0 anyxqhik - ok
11:09:11.0215 0x10f0 aoavmuzo - ok
11:09:11.0215 0x10f0 aofwaldl - ok
11:09:11.0231 0x10f0 aojscjmu - ok
11:09:11.0231 0x10f0 aolskbry - ok
11:09:11.0247 0x10f0 aoqkjfel - ok
11:09:11.0247 0x10f0 apdtihrl - ok
11:09:11.0247 0x10f0 apowqhqr - ok
11:09:11.0310 0x10f0 [ 9C37B3FD5615477CB9A0CD116CF43F5C, BD3F85A29931072F2B0C7283761E224E4621FE0D9D34D6D668A4516B28388484 ] Appinfo C:\Windows\System32\appinfo.dll
11:09:11.0326 0x10f0 Appinfo - ok
11:09:11.0435 0x10f0 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:09:11.0450 0x10f0 Apple Mobile Device - ok
11:09:11.0466 0x10f0 apqxliea - ok
11:09:11.0466 0x10f0 apyktdiy - ok
11:09:11.0466 0x10f0 aqkgffsx - ok
11:09:11.0513 0x10f0 [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys
11:09:11.0528 0x10f0 arc - ok
11:09:11.0606 0x10f0 [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:09:11.0622 0x10f0 arcsas - ok
11:09:11.0638 0x10f0 aroegcgd - ok
11:09:11.0669 0x10f0 arpyctfi - ok
11:09:11.0669 0x10f0 arvxqwne - ok
11:09:11.0700 0x10f0 asdusdjy - ok
11:09:11.0716 0x10f0 aspnet_state - ok
11:09:11.0731 0x10f0 asrkmecj - ok
11:09:11.0747 0x10f0 assaqghx - ok
11:09:11.0794 0x10f0 [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
11:09:11.0825 0x10f0 aswHwid - ok
11:09:11.0872 0x10f0 [ DE13ACC4B3EA66B4FBED7CF322807C90, E62AC03B66E69C43BBF275C10A79D88A6CCD782A8257114335464400E57A5639 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
11:09:11.0887 0x10f0 aswMonFlt - ok
11:09:11.0918 0x10f0 [ 879FBA8EFE252F02F9D1BBCE614A5B94, 34CAD7C8F7CDBFC7E7DBEB9839EEF14910ECE78B29BEEC38C67FDCDA31A3A82C ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
11:09:11.0934 0x10f0 aswRdr - ok
11:09:11.0981 0x10f0 [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
11:09:11.0996 0x10f0 aswRvrt - ok
11:09:12.0215 0x10f0 [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
11:09:12.0262 0x10f0 aswSnx - ok
11:09:12.0324 0x10f0 [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP C:\Windows\system32\drivers\aswSP.sys
11:09:12.0340 0x10f0 aswSP - ok
11:09:12.0402 0x10f0 [ B27B6E9062013BEDAEEB7C44BC38B9FD, 6264B0C71E3BD70A1305F4E469C087F54AA7B5354D97FF2A5E3A381FAE4E7D1A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
11:09:12.0418 0x10f0 aswTdi - ok
11:09:12.0464 0x10f0 [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
11:09:12.0496 0x10f0 aswVmm - ok
11:09:26.0364 0x10f0 fqjrifxn - ok
11:09:26.0364 0x10f0 fqvgakkd - ok
11:09:26.0380 0x10f0 fqwahadp - ok
11:09:26.0380 0x10f0 fqwlziln - ok
11:09:26.0395 0x10f0 frijqmms - ok
11:09:26.0395 0x10f0 frkaosna - ok
11:09:26.0411 0x10f0 frnqihoq - ok
11:09:26.0411 0x10f0 frrcnarr - ok
11:09:26.0426 0x10f0 frtotump - ok
11:09:26.0426 0x10f0 fruvqgwu - ok
11:09:26.0442 0x10f0 fsfbrkyx - ok
11:09:26.0442 0x10f0 fsjlxobh - ok
11:09:26.0458 0x10f0 fsnrdpxi - ok
11:09:26.0629 0x10f0 [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
11:09:26.0645 0x10f0 fssfltr - ok
11:09:27.0316 0x10f0 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:09:27.0456 0x10f0 fsssvc - ok
11:09:27.0456 0x10f0 fszxecgb - ok
11:09:27.0534 0x10f0 [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:09:27.0550 0x10f0 Fs_Rec - ok
11:09:27.0550 0x10f0 fthtjzyk - ok
11:09:27.0565 0x10f0 ftlupgrt - ok
11:09:27.0565 0x10f0 ftmerdxn - ok
11:09:27.0581 0x10f0 fueegzyg - ok
11:09:27.0581 0x10f0 fujgdhdw - ok
11:09:27.0596 0x10f0 fumsaexk - ok
11:09:27.0659 0x10f0 fupdgpdd - ok
11:09:27.0674 0x10f0 fusyahil - ok
11:09:27.0674 0x10f0 futgxqrw - ok
11:09:27.0690 0x10f0 fuwmmwmr - ok
11:09:27.0690 0x10f0 fuxglngk - ok
11:09:27.0706 0x10f0 fuzvojlq - ok
11:09:27.0706 0x10f0 fvbafsyl - ok
11:09:27.0706 0x10f0 fvedeagv - ok
11:09:27.0721 0x10f0 fvksecdj - ok
11:09:27.0737 0x10f0 fvlyilla - ok
11:09:27.0830 0x10f0 fvpajvxr - ok
11:09:27.0846 0x10f0 fvsssdul - ok
11:09:27.0862 0x10f0 fvvtjgxy - ok
11:09:27.0862 0x10f0 fwcraynb - ok
11:09:27.0877 0x10f0 fwenljbc - ok
11:09:27.0893 0x10f0 fwkkzqpx - ok
11:09:27.0893 0x10f0 fwknlzyw - ok
11:09:27.0908 0x10f0 fxbwrwul - ok
11:09:27.0908 0x10f0 fxkjaitr - ok
11:09:27.0924 0x10f0 fxppnhyn - ok
11:09:27.0924 0x10f0 fxpwwqfg - ok
11:09:27.0924 0x10f0 fxqolcba - ok
11:09:27.0940 0x10f0 fyheklvb - ok
11:09:27.0940 0x10f0 fymfnfwk - ok
11:09:27.0955 0x10f0 fypretax - ok
11:09:27.0955 0x10f0 fyqqqgrp - ok
11:09:27.0971 0x10f0 fywgrxqf - ok
11:09:


Can't see the entire log; it's been cut off.

What did the scan say? Did it find anything?

Look over this tutorial to show all files and folders, then proceed with instructions below.

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows-vista/

 

~~~

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

Click on Browse, and upload the following file for analysis:

C:\Windows\system32\drivers\apowqhqr.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

 

Also have this file scanned:

C:\Windows\system32\drivers\bvcckxzu.sys

Post the results here. I think there is still a lot going on that we're not seeing.


Full log scan I hope, will run other test now and post back.

11:09:20.0093 0x10f0 csfpjayf - ok
11:09:20.0093 0x10f0 cshhofbj - ok
11:09:20.0108 0x10f0 csjutqru - ok
11:09:20.0108 0x10f0 cskdqplv - ok
11:09:20.0108 0x10f0 cskgbdzf - ok
11:09:20.0124 0x10f0 cspwkqzk - ok
11:09:20.0124 0x10f0 csvudbfs - ok
11:09:20.0140 0x10f0 ctcruwhk - ok
11:09:20.0140 0x10f0 ctjtixit - ok
11:09:20.0140 0x10f0 ctlykang - ok
11:09:20.0155 0x10f0 ctnyfsaw - ok
11:09:20.0155 0x10f0 ctobiukp - ok
11:09:20.0171 0x10f0 ctvyhtyo - ok
11:09:20.0171 0x10f0 ctzwqgpd - ok
11:09:20.0186 0x10f0 cucibjzn - ok
11:09:20.0186 0x10f0 cuglzawt - ok
11:09:20.0186 0x10f0 cuqdgvif - ok
11:09:20.0202 0x10f0 cuyqswjp - ok
11:09:20.0249 0x10f0 cuysjifv - ok
11:09:20.0264 0x10f0 cvirunid - ok
11:09:20.0264 0x10f0 cvmljqoq - ok
11:09:20.0264 0x10f0 cvouwsvu - ok
11:09:20.0280 0x10f0 cvoyojpy - ok
11:09:20.0280 0x10f0 cvrhwcjp - ok
11:09:20.0296 0x10f0 cwjjjrnu - ok
11:09:20.0296 0x10f0 cwzccnpy - ok
11:09:20.0311 0x10f0 cxgignxz - ok
11:09:20.0311 0x10f0 cxjegubj - ok
11:09:20.0327 0x10f0 cxkuayfb - ok
11:09:20.0327 0x10f0 cxnvbxsm - ok
11:09:20.0327 0x10f0 cxwmvovd - ok
11:09:20.0342 0x10f0 cyelsrut - ok
11:09:20.0342 0x10f0 cyelzlbf - ok
11:09:20.0358 0x10f0 cylwmkug - ok
11:09:20.0374 0x10f0 cynibrwt - ok
11:09:20.0374 0x10f0 cytpghkw - ok
11:09:20.0389 0x10f0 cywakmoj - ok
11:09:20.0405 0x10f0 cztkdxlc - ok
11:09:20.0405 0x10f0 czwevclv - ok
11:09:20.0420 0x10f0 dairguft - ok
11:09:20.0420 0x10f0 dalnutqm - ok
11:09:20.0436 0x10f0 daonjmun - ok
11:09:20.0436 0x10f0 dauyorsp - ok
11:09:20.0452 0x10f0 dauytjwv - ok
11:09:20.0452 0x10f0 davxytgm - ok
11:09:20.0452 0x10f0 dbbikocp - ok
11:09:20.0467 0x10f0 dbfyzhyn - ok
11:09:20.0467 0x10f0 dbgukjra - ok
11:09:20.0483 0x10f0 dbgysluh - ok
11:09:20.0483 0x10f0 dbiclijv - ok
11:09:20.0483 0x10f0 dbkaldqv - ok
11:09:20.0498 0x10f0 dbmnelet - ok
11:09:20.0498 0x10f0 dbrhjbfq - ok
11:09:20.0514 0x10f0 dbvmkbrn - ok
11:09:20.0514 0x10f0 dbwmqjos - ok
11:09:20.0530 0x10f0 dbwrwrtj - ok
11:09:20.0530 0x10f0 dbyqkcij - ok
11:09:20.0530 0x10f0 dcaolrta - ok
11:09:20.0545 0x10f0 dcfrdkxk - ok
11:09:20.0545 0x10f0 dckftgyf - ok
11:09:20.0576 0x10f0 dcluysia - ok
11:09:20.0592 0x10f0 dclwmwuf - ok
11:09:20.0592 0x10f0 dcmfbdie - ok
11:09:20.0592 0x10f0 dcnmcesz - ok
11:09:20.0654 0x10f0 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch C:\Windows\system32\rpcss.dll
11:09:20.0701 0x10f0 DcomLaunch - ok
11:09:20.0717 0x10f0 dcpzhntd - ok
11:09:20.0717 0x10f0 dctjbbpz - ok
11:09:20.0732 0x10f0 dcufakot - ok
11:09:20.0748 0x10f0 ddcfmsaw - ok
11:09:20.0748 0x10f0 ddcpmqnp - ok
11:09:20.0764 0x10f0 dddnhkoz - ok
11:09:20.0764 0x10f0 ddhdvnle - ok
11:09:20.0764 0x10f0 ddixrbsq - ok
11:09:20.0779 0x10f0 ddmgtnot - ok
11:09:20.0779 0x10f0 ddpjvnea - ok
11:09:20.0795 0x10f0 ddpxrkzv - ok
11:09:20.0795 0x10f0 ddvwncum - ok
11:09:20.0795 0x10f0 ddxbdgdh - ok
11:09:20.0810 0x10f0 ddxusosm - ok
11:09:20.0810 0x10f0 debmligp - ok
11:09:20.0826 0x10f0 decjtmrf - ok
11:09:20.0826 0x10f0 declilzf - ok
11:09:20.0842 0x10f0 deevmcnj - ok
11:09:20.0842 0x10f0 deoahkdy - ok
11:09:20.0842 0x10f0 deyhdncv - ok
11:09:20.0857 0x10f0 dfeuhpab - ok
11:09:20.0857 0x10f0 dfpomhul - ok
11:09:20.0873 0x10f0 dfptzamn - ok
11:09:20.0935 0x10f0 [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:09:20.0951 0x10f0 DfsC - ok
11:09:21.0169 0x10f0 [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR C:\Windows\system32\DFSR.exe
11:09:21.0325 0x10f0 DFSR - ok
11:09:21.0341 0x10f0 dfuqpbop - ok
11:09:21.0341 0x10f0 dfxcstiw - ok
11:09:21.0356 0x10f0 dfzjbnuc - ok
11:09:21.0356 0x10f0 dghplmoj - ok
11:09:21.0372 0x10f0 dghqryec - ok
11:09:21.0372 0x10f0 dgohoypy - ok
11:09:21.0388 0x10f0 dgvxexzy - ok
11:09:21.0450 0x10f0 [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
11:09:21.0528 0x10f0 Dhcp - ok
11:09:21.0528 0x10f0 dhoxzkni - ok
11:09:21.0544 0x10f0 dhrnauda - ok
11:09:21.0575 0x0d2c Object send P2P result: true
11:09:21.0575 0x0d2c Object required for P2P: [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320
11:09:21.0575 0x10f0 [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk C:\Windows\system32\drivers\disk.sys
11:09:21.0622 0x10f0 disk - ok
11:09:21.0622 0x10f0 ditoieer - ok
11:09:21.0637 0x10f0 djahgfpp - ok
11:09:21.0637 0x10f0 djatpigv - ok
11:09:21.0668 0x10f0 djjvhebu - ok
11:09:21.0684 0x10f0 djmoczrl - ok
11:09:21.0684 0x10f0 djqfjhcq - ok
11:09:21.0684 0x10f0 djrgsexo - ok
11:09:21.0700 0x10f0 djsyhcyj - ok
11:09:21.0700 0x10f0 dkahwsvz - ok
11:09:21.0715 0x10f0 dknmqdlm - ok
11:09:21.0715 0x10f0 dkvlcfgh - ok
11:09:21.0731 0x10f0 dlkdussh - ok
11:09:21.0731 0x10f0 dlmrlkjb - ok
11:09:21.0731 0x10f0 dlmrzmjw - ok
11:09:21.0746 0x10f0 dlzivkvw - ok
11:09:21.0746 0x10f0 dmilidhp - ok
11:09:21.0762 0x10f0 dmiumunj - ok
11:09:21.0762 0x10f0 dmlfpmnt - ok
11:09:21.0778 0x10f0 dmnprcso - ok
11:09:21.0778 0x10f0 dmubokla - ok
11:09:21.0778 0x10f0 dmvibfhd - ok
11:09:21.0793 0x10f0 dngznvqq - ok
11:09:21.0871 0x10f0 [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:09:21.0887 0x10f0 Dnscache - ok
11:09:21.0887 0x10f0 dntfdfqd - ok
11:09:21.0902 0x10f0 dobdkaqx - ok
11:09:21.0902 0x10f0 dobhanom - ok
11:09:21.0918 0x10f0 doeghvwd - ok
11:09:21.0918 0x10f0 doocyjce - ok
11:09:21.0918 0x10f0 dosvwsdw - ok
11:09:21.0965 0x10f0 [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc C:\Windows\System32\dot3svc.dll
11:09:22.0074 0x10f0 dot3svc - ok
11:09:22.0074 0x10f0 dovithew - ok
11:09:22.0090 0x10f0 doydjzzy - ok
11:09:22.0090 0x10f0 dpaapelp - ok
11:09:22.0105 0x10f0 dpfxoaiz - ok
11:09:22.0105 0x10f0 dphqifqm - ok
11:09:22.0168 0x10f0 [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS C:\Windows\system32\dps.dll
11:09:22.0199 0x10f0 DPS - ok
11:09:22.0214 0x10f0 dpzdbcup - ok
11:09:22.0214 0x10f0 dqlswqwx - ok
11:09:22.0230 0x10f0 dqphksbj - ok
11:09:22.0230 0x10f0 dqylxcka - ok
11:09:22.0246 0x10f0 draoehli - ok
11:09:22.0261 0x10f0 drfeusov - ok
11:09:22.0261 0x10f0 drfwoclx - ok
11:09:22.0277 0x10f0 drgfcuck - ok
11:09:22.0277 0x10f0 drjhqgnk - ok
11:09:22.0324 0x10f0 [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:09:22.0339 0x10f0 drmkaud - ok
11:09:22.0355 0x10f0 dsbjsnid - ok
11:09:22.0355 0x10f0 dsdzyovv - ok
11:09:22.0370 0x10f0 dsjlynxq - ok
11:09:22.0370 0x10f0 dsmenwkn - ok
11:09:22.0370 0x10f0 dszlhsan - ok
11:09:22.0386 0x10f0 dthkdgto - ok
11:09:22.0386 0x10f0 dtmhgede - ok
11:09:22.0402 0x10f0 dtsbczsi - ok
11:09:22.0402 0x10f0 dufwjylf - ok
11:09:22.0417 0x10f0 dugmksgv - ok
11:09:22.0417 0x10f0 dugtitcd - ok
11:09:22.0417 0x10f0 duhjhdkc - ok
11:09:22.0433 0x10f0 dupiuuiz - ok
11:09:22.0433 0x10f0 duqtxnwv - ok
11:09:22.0448 0x10f0 dvbkwrrz - ok
11:09:22.0448 0x10f0 dvikalhn - ok
11:09:22.0448 0x10f0 dvrcfews - ok
11:09:22.0464 0x10f0 dvwxiirc - ok
11:09:22.0464 0x10f0 dwemodoo - ok
11:09:22.0480 0x10f0 dwfopklp - ok
11:09:22.0480 0x10f0 dwhhjrzh - ok
11:09:22.0480 0x10f0 dwjwogar - ok
11:09:22.0495 0x10f0 dwlkstlu - ok
11:09:22.0573 0x10f0 [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:09:22.0604 0x10f0 DXGKrnl - ok
11:09:22.0620 0x10f0 dyfmruus - ok
11:09:22.0620 0x10f0 dyqmeeaa - ok
11:09:22.0636 0x10f0 dyywtbaf - ok
11:09:22.0636 0x10f0 dzcmgutk - ok
11:09:22.0651 0x10f0 dzijhkci - ok
11:09:22.0651 0x10f0 dzpkacet - ok
11:09:22.0698 0x10f0 dzuijpvq - ok
11:09:22.0714 0x10f0 dzxkiayh - ok
11:09:22.0823 0x10f0 [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
11:09:22.0854 0x10f0 E1G60 - ok
11:09:22.0870 0x10f0 eaaoazar - ok
11:09:22.0870 0x10f0 eadfkbkd - ok
11:09:22.0885 0x10f0 EagleX64 - ok
11:09:22.0885 0x10f0 eaoqrvzq - ok
11:09:22.0932 0x10f0 [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost C:\Windows\System32\eapsvc.dll
11:09:22.0994 0x10f0 EapHost - ok
11:09:22.0994 0x10f0 eatfcdzf - ok
11:09:23.0010 0x10f0 eayuckhv - ok
11:09:23.0010 0x10f0 ebcgrzcr - ok
11:09:23.0026 0x10f0 ebiqsjcw - ok
11:09:23.0026 0x10f0 ebkkhwyl - ok
11:09:23.0026 0x10f0 ebldktwn - ok
11:09:23.0041 0x10f0 ebnhciqj - ok
11:09:23.0041 0x10f0 ebxlhpzc - ok
11:09:23.0104 0x10f0 [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache C:\Windows\system32\drivers\ecache.sys
11:09:23.0119 0x10f0 Ecache - ok
11:09:23.0135 0x10f0 ecbzizpv - ok
11:09:23.0135 0x10f0 eccdvzoo - ok
11:09:23.0150 0x10f0 ecgjruyh - ok
11:09:23.0150 0x10f0 ecljnacv - ok
11:09:23.0150 0x10f0 ecnrmwlm - ok
11:09:23.0166 0x10f0 ecsbtbwm - ok
11:09:23.0166 0x10f0 ectdjcai - ok
11:09:23.0197 0x10f0 ecthxtxy - ok
11:09:23.0197 0x10f0 edcqjfhr - ok
11:09:23.0213 0x10f0 edhusxhv - ok
11:09:23.0213 0x10f0 edosjinc - ok
11:09:23.0228 0x10f0 edsqzdai - ok
11:09:23.0228 0x10f0 edwgluxa - ok
11:09:23.0228 0x10f0 eedgqykx - ok
11:09:23.0244 0x10f0 eehfqqmh - ok
11:09:23.0244 0x10f0 eezqkrmf - ok
11:09:23.0260 0x10f0 efkxvtgk - ok
11:09:23.0260 0x10f0 eflmydps - ok
11:09:23.0275 0x10f0 efrgspth - ok
11:09:23.0275 0x10f0 eftzkakq - ok
11:09:23.0306 0x10f0 egdezkzs - ok
11:09:23.0306 0x10f0 egdgbdys - ok
11:09:23.0322 0x10f0 eglvqmit - ok
11:09:23.0322 0x10f0 egtocauk - ok
11:09:23.0322 0x10f0 egyfgzzz - ok
11:09:23.0338 0x10f0 ehgaoqaw - ok
11:09:23.0338 0x10f0 ehhwqeug - ok
11:09:23.0353 0x10f0 ehjwgkpn - ok
11:09:23.0353 0x10f0 ehlxeouu - ok
11:09:23.0353 0x10f0 ehmyleqg - ok
11:09:23.0416 0x10f0 [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:09:23.0462 0x10f0 ehRecvr - ok
11:09:23.0478 0x10f0 [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched C:\Windows\ehome\ehsched.exe
11:09:23.0494 0x10f0 ehSched - ok
11:09:23.0540 0x10f0 [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart C:\Windows\ehome\ehstart.dll
11:09:23.0556 0x10f0 ehstart - ok
11:09:23.0572 0x10f0 eiutgmkc - ok
11:09:23.0572 0x10f0 eiwvpqqd - ok
11:09:23.0587 0x10f0 eizutpte - ok
11:09:23.0587 0x10f0 ejibddck - ok
11:09:23.0587 0x10f0 ejpowano - ok
11:09:23.0603 0x10f0 ekeygjri - ok
11:09:23.0603 0x10f0 ekfxppjn - ok
11:09:23.0618 0x10f0 ekkwmkzc - ok
11:09:23.0618 0x10f0 ekldcicy - ok
11:09:23.0634 0x10f0 eldpilrl - ok
11:09:23.0634 0x10f0 elghgene - ok
11:09:23.0634 0x10f0 eljnfebh - ok
11:09:23.0650 0x10f0 elqductc - ok
11:09:23.0650 0x10f0 elwoougu - ok
11:09:23.0665 0x10f0 elwyujwg - ok
11:09:23.0728 0x10f0 [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:09:23.0759 0x10f0 elxstor - ok
11:09:23.0821 0x10f0 [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
11:09:23.0852 0x10f0 EMDMgmt - ok
11:09:23.0899 0x10f0 emdnfajd - ok
11:09:23.0915 0x10f0 emkovjzg - ok
11:09:23.0915 0x10f0 emoxzksr - ok
11:09:23.0930 0x10f0 enehfdkp - ok
11:09:23.0930 0x10f0 ensuxwpt - ok
11:09:23.0930 0x10f0 entsiucg - ok
11:09:23.0946 0x10f0 enyumixv - ok
11:09:23.0977 0x10f0 eoebjfsm - ok
11:09:23.0993 0x10f0 eoepzasu - ok
11:09:23.0993 0x10f0 eofmnflc - ok
11:09:24.0008 0x10f0 eonwcbje - ok
11:09:24.0008 0x10f0 eooqmvnt - ok
11:09:24.0008 0x10f0 eooyvstq - ok
11:09:24.0024 0x10f0 eoselnoq - ok
11:09:24.0024 0x10f0 epaknpso - ok
11:09:24.0040 0x10f0 epqetrvd - ok
11:09:24.0040 0x10f0 epxejdxo - ok
11:09:24.0040 0x10f0 epzbnhpe - ok
11:09:24.0055 0x10f0 eqfcqlpz - ok
11:09:24.0055 0x10f0 eqgildpv - ok
11:09:24.0071 0x10f0 eqiiqrpx - ok
11:09:24.0071 0x10f0 eqjtymsn - ok
11:09:24.0086 0x10f0 eqntdmqz - ok
11:09:24.0086 0x10f0 eqoexjua - ok
11:09:24.0086 0x10f0 eqrhahtt - ok
11:09:24.0102 0x10f0 eqrvtklj - ok
11:09:24.0102 0x10f0 eqtlwytd - ok
11:09:24.0118 0x10f0 eqwigvqw - ok
11:09:24.0118 0x10f0 eraitjbc - ok
11:09:24.0133 0x10f0 erdhqtic - ok
11:09:24.0133 0x10f0 ericmpte - ok
11:09:24.0133 0x10f0 erljlxaz - ok
11:09:24.0149 0x10f0 ermjkmgt - ok
11:09:24.0196 0x10f0 [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:09:24.0242 0x10f0 ErrDev - ok
11:09:24.0242 0x10f0 erujecug - ok
11:09:24.0258 0x10f0 eskmeebb - ok
11:09:24.0258 0x10f0 esnnkzaz - ok
11:09:24.0274 0x10f0 esrlqael - ok
11:09:24.0274 0x10f0 estbupjz - ok
11:09:24.0274 0x10f0 esyywzfq - ok
11:09:24.0289 0x10f0 etecpobn - ok
11:09:24.0289 0x10f0 eticrjgy - ok
11:09:24.0305 0x10f0 etkwcuzm - ok
11:09:24.0305 0x10f0 etvbakcr - ok
11:09:24.0320 0x10f0 euhnmplh - ok
11:09:24.0320 0x10f0 eujvfxmp - ok
11:09:24.0336 0x10f0 eunrshzd - ok
11:09:24.0336 0x10f0 euuzkbhc - ok
11:09:24.0352 0x10f0 euznwgmd - ok
11:09:24.0352 0x10f0 evcxpuut - ok
11:09:24.0445 0x10f0 [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem C:\Windows\system32\es.dll
11:09:24.0476 0x10f0 EventSystem - ok
11:09:24.0476 0x10f0 evijtapc - ok
11:09:24.0492 0x10f0 ewcphitz - ok
11:09:24.0492 0x10f0 ewrxjntr - ok
11:09:24.0508 0x10f0 ewvbhwme - ok
11:09:24.0508 0x10f0 ewvqpyjg - ok
11:09:24.0554 0x10f0 [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat C:\Windows\system32\drivers\exfat.sys
11:09:24.0601 0x10f0 exfat - ok
11:09:24.0601 0x10f0 exoqbicn - ok
11:09:24.0617 0x10f0 exynlxfd - ok
11:09:24.0617 0x10f0 eyinpkru - ok
11:09:24.0617 0x10f0 eyjfhijr - ok
11:09:24.0632 0x10f0 eyjrxehv - ok
11:09:24.0632 0x10f0 eylckuep - ok
11:09:24.0648 0x10f0 eyqzynpt - ok
11:09:24.0648 0x10f0 eythctap - ok
11:09:24.0664 0x10f0 ezissthu - ok
11:09:24.0664 0x10f0 ezkxdfbw - ok
11:09:24.0664 0x10f0 eznfqoqt - ok
11:09:24.0679 0x10f0 eztbktqw - ok
11:09:24.0710 0x10f0 ezxgcdnd - ok
11:09:24.0710 0x10f0 fadsktad - ok
11:09:24.0726 0x10f0 fafmemvm - ok
11:09:24.0726 0x10f0 fajuhcka - ok
11:09:24.0726 0x10f0 fakatdhf - ok
11:09:24.0742 0x10f0 faoavkmf - ok
11:09:24.0773 0x10f0 [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:09:24.0835 0x10f0 fastfat - ok
11:09:24.0835 0x10f0 fawgrqwd - ok
11:09:24.0851 0x10f0 fbcjphhm - ok
11:09:24.0851 0x10f0 fbgdgesq - ok
11:09:24.0866 0x10f0 fbqulzpu - ok
11:09:24.0866 0x10f0 fbrmviki - ok
11:09:24.0866 0x10f0 fbvcridf - ok
11:09:24.0882 0x10f0 fbvvwgnb - ok
11:09:24.0898 0x10f0 fbwhtfuc - ok
11:09:24.0913 0x10f0 fcdbxpiu - ok
11:09:24.0913 0x10f0 fcfdrfly - ok
11:09:24.0929 0x10f0 fcfmqjju - ok
11:09:24.0929 0x10f0 fchkvtdu - ok
11:09:24.0944 0x10f0 fcixuubo - ok
11:09:24.0944 0x10f0 fcljiwwn - ok
11:09:24.0944 0x10f0 fcxuycwj - ok
11:09:25.0022 0x10f0 [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:09:25.0054 0x10f0 fdc - ok
11:09:25.0069 0x10f0 fdflbfrr - ok
11:09:25.0069 0x10f0 fdoyacfv - ok
11:09:25.0132 0x10f0 [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost C:\Windows\system32\fdPHost.dll
11:09:25.0178 0x10f0 fdPHost - ok
11:09:25.0210 0x10f0 [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub C:\Windows\system32\fdrespub.dll
11:09:25.0272 0x10f0 FDResPub - ok
11:09:25.0272 0x10f0 fdxoeesl - ok
11:09:25.0272 0x10f0 febylxdj - ok
11:09:25.0288 0x10f0 feczrkjr - ok
11:09:25.0288 0x10f0 fegblocg - ok
11:09:25.0303 0x10f0 fehjuqxb - ok
11:09:25.0303 0x10f0 felmbjht - ok
11:09:25.0319 0x10f0 feqiovog - ok
11:09:25.0319 0x10f0 fexzbvzn - ok
11:09:25.0319 0x10f0 ffbltsyw - ok
11:09:25.0334 0x10f0 ffsnvifg - ok
11:09:25.0334 0x10f0 fgqvmdoj - ok
11:09:25.0350 0x10f0 fhetgean - ok
11:09:25.0350 0x10f0 fhilesbz - ok
11:09:25.0366 0x10f0 fhlkjsba - ok
11:09:25.0366 0x10f0 fhpbnwev - ok
11:09:25.0366 0x10f0 fhqifint - ok
11:09:25.0381 0x10f0 fhtsadkp - ok
11:09:25.0381 0x10f0 fhubfcud - ok
11:09:25.0397 0x10f0 fiebtesu - ok
11:09:25.0397 0x10f0 fieileyv - ok
11:09:25.0412 0x10f0 fijoqxpx - ok
11:09:25.0428 0x10f0 [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:09:25.0444 0x10f0 FileInfo - ok
11:09:25.0490 0x10f0 [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:09:25.0553 0x10f0 Filetrace - ok
11:09:25.0553 0x10f0 fiqbubku - ok
11:09:25.0568 0x10f0 firocczj - ok
11:09:25.0568 0x10f0 fivdiiod - ok
11:09:25.0584 0x10f0 fjjkdozx - ok
11:09:25.0584 0x10f0 fjjxudbv - ok
11:09:25.0600 0x10f0 fjlttyll - ok
11:09:25.0600 0x10f0 fjopnxbe - ok
11:09:25.0631 0x10f0 fjsspzuv - ok
11:09:25.0646 0x10f0 fjwjuwqw - ok
11:09:25.0646 0x10f0 fkaczhnt - ok
11:09:25.0662 0x10f0 fkjldjan - ok
11:09:25.0662 0x10f0 fkpzvfmr - ok
11:09:25.0678 0x10f0 fktmnfxl - ok
11:09:25.0678 0x10f0 fkwctjot - ok
11:09:25.0693 0x10f0 fkxsafel - ok
11:09:25.0693 0x10f0 fkyvppli - ok
11:09:25.0693 0x10f0 fkyyjmgv - ok
11:09:25.0709 0x10f0 flfivfjf - ok
11:09:25.0709 0x10f0 flgihgdp - ok
11:09:25.0724 0x10f0 flhaheqi - ok
11:09:25.0787 0x10f0 [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:09:25.0818 0x10f0 flpydisk - ok
11:09:25.0880 0x10f0 [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:09:25.0912 0x10f0 FltMgr - ok
11:09:25.0912 0x10f0 fmbeufkh - ok
11:09:25.0927 0x10f0 fmkkaeew - ok
11:09:25.0927 0x10f0 fmqsnxrk - ok
11:09:25.0943 0x10f0 fmswlqhk - ok
11:09:25.0990 0x10f0 fmxzmrdj - ok
11:09:25.0990 0x10f0 fnmjdpir - ok
11:09:25.0990 0x10f0 fnoosuuo - ok
11:09:26.0005 0x10f0 fnusgsps - ok
11:09:26.0005 0x10f0 fnxzqrsj - ok
11:09:26.0114 0x10f0 [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache C:\Windows\system32\FntCache.dll
11:09:26.0177 0x10f0 FontCache - ok
11:09:26.0270 0x10f0 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:09:26.0286 0x10f0 FontCache3.0.0.0 - ok
11:09:26.0302 0x10f0 foojfmnd - ok
11:09:26.0302 0x10f0 foxiljat - ok
11:09:26.0317 0x10f0 fpcvtjlo - ok
11:09:26.0317 0x10f0 fpfalykm - ok
11:09:26.0317 0x10f0 fpiljrwp - ok
11:09:26.0333 0x10f0 fplnqatw - ok
11:09:26.0333 0x10f0 fqayixpt - ok
11:09:26.0348 0x10f0 fqhbgmdr - ok
11:09:26.0364 0x10f0 fqjrifxn - ok
11:09:26.0364 0x10f0 fqvgakkd - ok
11:09:26.0380 0x10f0 fqwahadp - ok
11:09:26.0380 0x10f0 fqwlziln - ok
11:09:26.0395 0x10f0 frijqmms - ok
11:09:26.0395 0x10f0 frkaosna - ok
11:09:26.0411 0x10f0 frnqihoq - ok
11:09:26.0411 0x10f0 frrcnarr - ok
11:09:26.0426 0x10f0 frtotump - ok
11:09:26.0426 0x10f0 fruvqgwu - ok
11:09:26.0442 0x10f0 fsfbrkyx - ok
11:09:26.0442 0x10f0 fsjlxobh - ok
11:09:26.0458 0x10f0 fsnrdpxi - ok
11:09:26.0629 0x10f0 [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
11:09:26.0645 0x10f0 fssfltr - ok
11:09:27.0316 0x10f0 [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:09:27.0456 0x10f0 fsssvc - ok
11:09:27.0456 0x10f0 fszxecgb - ok
11:09:27.0534 0x10f0 [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:09:27.0550 0x10f0 Fs_Rec - ok
11:09:27.0550 0x10f0 fthtjzyk - ok
11:09:27.0565 0x10f0 ftlupgrt - ok
11:09:27.0565 0x10f0 ftmerdxn - ok
11:09:27.0581 0x10f0 fueegzyg - ok
11:09:27.0581 0x10f0 fujgdhdw - ok
11:09:27.0596 0x10f0 fumsaexk - ok
11:09:27.0659 0x10f0 fupdgpdd - ok
11:09:27.0674 0x10f0 fusyahil - ok
11:09:27.0674 0x10f0 futgxqrw - ok
11:09:27.0690 0x10f0 fuwmmwmr - ok
11:09:27.0690 0x10f0 fuxglngk - ok
11:09:27.0706 0x10f0 fuzvojlq - ok
11:09:27.0706 0x10f0 fvbafsyl - ok
11:09:27.0706 0x10f0 fvedeagv - ok
11:09:27.0721 0x10f0 fvksecdj - ok
11:09:27.0737 0x10f0 fvlyilla - ok
11:09:27.0830 0x10f0 fvpajvxr - ok
11:09:27.0846 0x10f0 fvsssdul - ok
11:09:27.0862 0x10f0 fvvtjgxy - ok
11:09:27.0862 0x10f0 fwcraynb - ok
11:09:27.0877 0x10f0 fwenljbc - ok
11:09:27.0893 0x10f0 fwkkzqpx - ok
11:09:27.0893 0x10f0 fwknlzyw - ok
11:09:27.0908 0x10f0 fxbwrwul - ok
11:09:27.0908 0x10f0 fxkjaitr - ok
11:09:27.0924 0x10f0 fxppnhyn - ok
11:09:27.0924 0x10f0 fxpwwqfg - ok
11:09:27.0924 0x10f0 fxqolcba - ok
11:09:27.0940 0x10f0 fyheklvb - ok
11:09:27.0940 0x10f0 fymfnfwk - ok
11:09:27.0955 0x10f0 fypretax - ok
11:09:27.0955 0x10f0 fyqqqgrp - ok
11:09:27.0971 0x10f0 fywgrxqf - ok
11:09:27.0971 0x10f0 fyzaytxc - ok
11:09:27.0971 0x10f0 fzfxceae - ok
11:09:27.0986 0x10f0 fzkjdvav - ok
11:09:28.0002 0x10f0 fzmsdrxd - ok
11:09:28.0002 0x10f0 fzvvqjiq - ok
11:09:28.0018 0x10f0 gacdklwc - ok
11:09:28.0033 0x10f0 gafefsvj - ok
11:09:28.0096 0x10f0 [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:09:28.0642 0x10f0 gagp30kx - ok


I don't know if the machine can handle this or not, but I'd like to see if it can do an online scan.

I think I see driver names and files with no information to be had ...

What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image: xKN1w2nv.png] and click [image: SzOC1p0.png].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
======================================================
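
The remark above about driver names with no file information can be checked mechanically. This is an added example, not part of the original posts or of any tool used in the thread: it reads lines in the layout of the service/driver scan log posted above and separates entries that have a hash-and-path record from entries reported by name only. The sample log is constructed, with shortened placeholder hashes, and the "eight lowercase letters" rule is an assumption drawn from the names seen in that log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the service/driver scan log posted above.
# Hash values are shortened placeholders, not real file hashes.
SAMPLE_LOG = r"""
11:09:18.0392 0x10f0 ckwpdcun - ok
11:09:18.0408 0x10f0 cldgwckn - ok
11:09:18.0502 0x10f0 [ AAAA0001, BBBB0001 ] CLFS C:\Windows\system32\CLFS.sys
11:09:18.0533 0x10f0 CLFS - ok
11:09:19.0500 0x10f0 COMSysApp - ok
11:09:19.0796 0x10f0 cpuz132 - ok
11:09:20.0030 0x10f0 [ AAAA0002, BBBB0002 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:09:20.0046 0x10f0 CryptSvc - ok
11:09:21.0575 0x0d2c Object send P2P result: true
11:09:21.0575 0x0d2c Object required for P2P: [ AAAA0003 ] adpu320
11:09:21.0622 0x10f0 ditoieer - ok
"""

# timestamp, thread id, then the message
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(0x[0-9a-fA-F]+)\s+(.*)$")
# "[ MD5, SHA256 ] name path" : the scanner found a file behind the entry
FILE_REC = re.compile(
    r"^\[\s*[0-9A-Fa-f]+(?:\s*,\s*[0-9A-Fa-f]+)?\s*\]\s+(\S+)\s+(.+)$"
)
# "name - ok" : verdict line for one service or driver entry
RESULT = re.compile(r"^(\S+) - (\w+)$")
# Assumption: the junk entries in this log are exactly eight lowercase letters.
# Real services can match this too (e.g. "wuauserv"), so the pattern is only
# applied to entries that have no file record.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


@dataclass
class Triage:
    file_backed: dict = field(default_factory=dict)      # name -> path on disk
    fileless_random: list = field(default_factory=list)  # no file, random-looking
    fileless_named: list = field(default_factory=list)   # no file, ordinary name


def triage(log_text: str) -> Triage:
    """Split scan-log entries by whether a file record preceded the verdict."""
    seen_files = {}
    out = Triage()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        rec = FILE_REC.match(msg)
        if rec:
            seen_files[rec.group(1)] = rec.group(2)
            continue
        res = RESULT.match(msg)
        if not res:
            continue  # P2P bookkeeping and other non-verdict messages
        name = res.group(1)
        if name in seen_files:
            out.file_backed[name] = seen_files[name]
        elif RANDOM_NAME.match(name):
            out.fileless_random.append(name)
        else:
            out.fileless_named.append(name)
    return out


def summary(t: Triage) -> str:
    """One-line count suitable for pasting into a ticket or reply."""
    return (
        f"{len(t.file_backed)} file-backed, "
        f"{len(t.fileless_random)} fileless random-looking, "
        f"{len(t.fileless_named)} fileless named"
    )


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(summary(result))
    for name in result.fileless_random:
        print("review:", name)
```

An "ok" verdict on a name-only entry says nothing about a file, because no file was hashed; a large count of such entries is what makes a log like the one above worth a second look.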

Eset scan log:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir Win32/Toolbar.Babylon potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir a variant of Win32/Toolbar.Babylon.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir Win32/Toolbar.Babylon potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll.vir Win32/Toolbar.Babylon potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Downloads\Software\iLividSetup.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\FRST\Quarantine\C\Users\Default.Default-PC\AppData\Local\Temp\notepad.exe.xBAD multiple threats
C:\FRST\Quarantine\C\Users\Default.Default-PC\AppData\Local\{75F4020C-E2D7-4E46-8FBA-CE678BC38C6C}\{10DFCA9E-EFBA-4C73-B7DA-0C827B882010}\gponnpakpi.dll.xBAD Win32/TrojanDownloader.Tracur.V trojan
C:\Program Files (x86)\Steam\steamapps\downloading\211880\binaries\Win32\BulletRun.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Users\hccefjdldjkfhankjlhkmlmdcillbeab\cs.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.CZ potentially unwanted application
C:\Users\Default.Default-PC\Downloads\ccsetup320pro (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Default.Default-PC\Downloads\ccsetup320pro.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Default.Default-PC\Downloads\PageRageSetupAff.exe multiple threats
C:\Users\Default.Default-PC\Downloads\palisades-guardian.exe a variant of Win32/InstallCore.Q potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


start
CloseProcesses:
C:\Program Files (x86)\Steam\steamapps\downloading\211880\binaries\Win32\BulletRun.exe
C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Users\hccefjdldjkfhankjlhkmlmdcillbeab\cs.js
C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll
C:\Users\Default.Default-PC\Downloads\ccsetup320pro (1).exe
C:\Users\Default.Default-PC\Downloads\ccsetup320pro.exe
C:\Users\Default.Default-PC\Downloads\PageRageSetupAff.exe
C:\Users\Default.Default-PC\Downloads\palisades-guardian.exe
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
S1 aauzykor; \??\C:\Windows\system32\drivers\aauzykor.sys [X]
C:\Windows\system32\drivers\aauzykor.sys
2015-02-11 05:34 - 2013-04-16 14:37 - 00000000 ____D () C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2015-02-11 03:29 - 2013-11-11 14:47 - 00000000 ____D () C:\Users\Default.Default-PC\AppData\Local\M2Zz5MURIo
2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj
2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn
2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv
2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~

 

Please download RogueKiller and save it to your desktop.

 

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

FRST scan log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Default at 2015-02-13 03:43:28 Run:2
Running from C:\Users\Default.Default-PC\Desktop
Loaded Profiles: Default (Available profiles: Default)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\Steam\steamapps\downloading\211880\binaries\Win32\BulletRun.exe
C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Users\hccefjdldjkfhankjlhkmlmdcillbeab\cs.js
C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll
C:\Users\Default.Default-PC\Downloads\ccsetup320pro (1).exe
C:\Users\Default.Default-PC\Downloads\ccsetup320pro.exe
C:\Users\Default.Default-PC\Downloads\PageRageSetupAff.exe
C:\Users\Default.Default-PC\Downloads\palisades-guardian.exe
C:\Windows\System32\Adobe\Shockwave 11\gt.exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
S1 aauzykor; \??\C:\Windows\system32\drivers\aauzykor.sys [X]
C:\Windows\system32\drivers\aauzykor.sys
2015-02-11 05:34 - 2013-04-16 14:37 - 00000000 ____D () C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2015-02-11 03:29 - 2013-11-11 14:47 - 00000000 ____D () C:\Users\Default.Default-PC\AppData\Local\M2Zz5MURIo
2013-11-11 14:54 - 2013-11-11 14:54 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj
2013-11-12 10:20 - 2013-11-12 10:20 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn
2013-11-11 14:47 - 2013-11-11 14:47 - 0299520 _____ () C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv
2013-11-11 14:59 - 2013-11-11 14:59 - 0300544 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End

*****************

Processes closed successfully.
C:\Program Files (x86)\Steam\steamapps\downloading\211880\binaries\Win32\BulletRun.exe => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Users\hccefjdldjkfhankjlhkmlmdcillbeab\cs.js => Moved successfully.
C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll => Moved successfully.
C:\Users\Default.Default-PC\Downloads\ccsetup320pro (1).exe => Moved successfully.
C:\Users\Default.Default-PC\Downloads\ccsetup320pro.exe => Moved successfully.
C:\Users\Default.Default-PC\Downloads\PageRageSetupAff.exe => Moved successfully.
C:\Users\Default.Default-PC\Downloads\palisades-guardian.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 11\gt.exe" => File/Directory not found.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe => Moved successfully.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
aauzykor => Service deleted successfully.
"C:\Windows\system32\drivers\aauzykor.sys" => File/Directory not found.
C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus => Moved successfully.
C:\Users\Default.Default-PC\AppData\Local\M2Zz5MURIo => Moved successfully.
"C:\Users\Default.Default-PC\AppData\Roaming\7dmDTxVfj" => File/Directory not found.
"C:\Users\Default.Default-PC\AppData\Roaming\cY5mr8tJrBn" => File/Directory not found.
"C:\Users\Default.Default-PC\AppData\Roaming\gSJZFIfpv" => File/Directory not found.
"C:\Users\Default.Default-PC\AppData\Roaming\Ju6KByzi" => File/Directory not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Echo Request, failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 382 MB temporary data.

The system needed a reboot.

==== End of Fixlog 03:45:07 ====

 

 

ROGUEKILLER scan log:

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Default [Administrator]
Mode : Scan -- Date : 02/13/2015 04:02:14

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 29 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A8F66D5-F45C-4E24-868B-CF81FABE01C1} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A8F66D5-F45C-4E24-868B-CF81FABE01C1} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3A8F66D5-F45C-4E24-868B-CF81FABE01C1} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4263378259-964094001-1927029533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6b30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 4022022e0e1dbda7e682e78ec22d07d6
[BSP] 309fdfd200901d3359dd1e035123a213 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463853 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 949971645 | Size: 13084 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] d30d13e3ef8b23e51d609645c7e53aa2
[BSP] b63e1c8c71c70ddb4f978871c276825e : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2712 | Size: 14998 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

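Added example (not part of the original posts, and not FRST's own code): one way to triage a Fixlog like the one posted above, so entries reported as not found or failed are kept apart from items that were actually removed. The sample is an excerpt constructed from lines of that log; the function names and result categories are assumptions of this example.

```python
import re

# Excerpt constructed from the Fixlog posted above (shortened, lines unchanged).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
C:\Users\Default.Default-PC\Downloads\PageRageSetupAff.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 11\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe => Moved successfully.
aauzykor => Service deleted successfully.
"C:\Windows\system32\drivers\aauzykor.sys" => File/Directory not found.

========= netsh int ipv4 reset =========

Reseting Echo Request, failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 382 MB temporary data.

The system needed a reboot.
"""

# '<target> => <outcome>.' lines; the target may be wrapped in double quotes.
ITEM_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')
# '========= <command> =========' opens a CMD section, 'End of CMD:' closes it.
CMD_RE = re.compile(r'^=+ (?P<cmd>.+?) =+$')


def classify(outcome):
    """Map an outcome string from the log to a triage bucket (names assumed)."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"   # nothing was removed: re-check on the next scan
    if "could not" in text:
        return "failed"      # the fix did not apply: needs follow-up
    if "successfully" in text or text.startswith("removed"):
        return "done"
    return "other"


def triage_fixlog(text):
    """Split a Fixlog into done / not_found / failed items and failed commands."""
    report = {"done": [], "not_found": [], "failed": [], "other": [],
              "cmd_failures": {}, "reboot_needed": False}
    current_cmd = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = CMD_RE.match(line)
        if header:
            cmd = header.group("cmd")
            current_cmd = None if cmd.startswith("End of") else cmd
            continue
        lowered = line.lower()
        if "reboot" in lowered or "restart the computer" in lowered:
            report["reboot_needed"] = True
        if current_cmd is not None:
            # Inside command output: keep only the lines that signal a failure.
            if "failed" in lowered or "denied" in lowered:
                report["cmd_failures"].setdefault(current_cmd, []).append(line)
            continue
        item = ITEM_RE.match(line)
        if item:
            report[classify(item.group("outcome"))].append(item.group("target"))
        elif lowered.startswith("could not"):
            report["failed"].append(line.rstrip("."))
    return report


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    for bucket in ("failed", "not_found", "done"):
        print(bucket, len(result[bucket]))
        for entry in result[bucket]:
            print("   ", entry)
    for cmd, lines in result["cmd_failures"].items():
        print("command with errors:", cmd, lines)
    print("reboot needed:", result["reboot_needed"])
```
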

it worked, not sure why it threw up an error code.

 

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Then copy and paste the text present inside the quote box below:


 

ClearJavaCache::

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

 

CFScriptB-4.gif

 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

If there are internet issues afterward:

 

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

 

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, and uncheck the proxy server; set it to No Proxy.

 

 

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.


ComboFix 15-02-09.01 - Default 02/13/2015 11:57:47.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2596 [GMT -8:00]
Running from: c:\users\Default.Default-PC\Desktop\ComboFix.exe
Command switches used :: c:\users\Default.Default-PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-01-13 to 2015-02-13 )))))))))))))))))))))))))))))))
.
.
2015-02-13 20:11 . 2015-02-13 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\windows\Migration
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\windows\system32\SRSLabs
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\program files\Realtek
2015-02-13 13:00 . 2009-11-24 17:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2015-02-13 13:00 . 2009-11-24 17:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2015-02-13 13:00 . 2009-11-24 17:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2015-02-13 13:00 . 2009-11-24 17:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2015-02-13 12:53 . 2015-02-13 13:03 -------- d--h--w- c:\program files (x86)\Temp
2015-02-13 11:53 . 2015-02-13 11:53 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-13 11:53 . 2015-02-13 11:53 -------- d-----w- c:\programdata\RogueKiller
2015-02-13 11:36 . 2014-11-19 18:28 797400 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2015-02-13 11:36 . 2014-11-19 18:28 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-02-13 11:36 . 2014-11-19 18:28 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-02-13 09:38 . 2015-02-13 09:38 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\Intel
2015-02-13 09:34 . 2015-02-13 09:34 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility
2015-02-13 09:25 . 2015-02-13 09:25 -------- d-----w- c:\programdata\Package Cache
2015-02-13 08:32 . 2015-02-13 08:32 -------- d-----w- c:\users\Default\AppData\Roaming\AVAST Software
2015-02-13 07:23 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-13 07:23 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-02-13 07:19 . 2015-01-09 00:34 2790912 ----a-w- c:\windows\system32\win32k.sys
2015-02-13 07:09 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-13 07:09 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-13 07:08 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-02-13 07:08 . 2015-02-13 07:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-02-13 07:08 . 2015-02-13 07:08 -------- d-----r- c:\program files (x86)\Skype
2015-02-13 07:03 . 2014-08-23 01:05 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-02-13 07:03 . 2014-08-23 00:42 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-02-13 06:55 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-02-13 06:55 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-02-13 06:52 . 2015-01-13 01:51 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-13 06:52 . 2015-01-13 01:39 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-13 06:52 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-02-13 06:52 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-02-13 06:39 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-02-13 06:39 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-02-13 06:39 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-02-13 06:39 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-02-13 06:39 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-02-13 06:39 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-02-13 06:39 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-02-13 06:39 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-02-13 06:24 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-02-13 06:24 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-02-13 06:24 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-02-13 06:24 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-02-13 06:24 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-02-13 06:19 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-02-13 06:19 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-02-13 06:19 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-02-13 06:19 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-02-13 06:19 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-02-13 06:19 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-02-13 06:19 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-02-13 06:19 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-02-13 06:17 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-02-13 06:17 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-02-13 06:17 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-13 06:17 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-02-13 06:17 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-13 06:17 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-02-13 06:17 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-13 06:17 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-13 06:16 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-02-13 06:16 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-02-13 06:16 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-02-13 06:16 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-02-13 06:15 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-02-13 06:15 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-02-13 06:15 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-02-13 06:14 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-02-13 06:14 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-02-13 06:14 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-02-13 06:14 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-02-13 06:14 . 2014-08-27 00:41 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-02-13 06:13 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-02-13 06:13 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-13 06:13 . 2014-12-03 02:06 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-13 06:13 . 2014-12-03 01:51 347136 ----a-w- c:\windows\system32\schannel.dll
2015-02-13 06:13 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-12 12:43 . 2015-02-13 20:11 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
2015-02-12 12:07 . 2014-06-02 21:30 1802752 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-02-12 12:07 . 2014-06-02 21:29 1487360 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-02-12 12:07 . 2014-06-02 21:29 1463808 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-02-12 12:07 . 2014-06-02 21:29 1435136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-02-12 12:07 . 2014-06-02 10:30 937472 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-02-12 12:05 . 2014-02-06 04:21 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-02-12 12:05 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-02-12 12:05 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-02-12 12:05 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-02-12 12:05 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-02-12 12:03 . 2013-10-22 09:31 79360 ----a-w- c:\windows\system32\imagehlp.dll
2015-02-12 12:03 . 2013-10-22 07:19 158208 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-02-12 12:02 . 2014-06-06 08:59 506880 ----a-w- c:\windows\SysWow64\qedit.dll
2015-02-12 12:02 . 2014-06-06 07:13 620032 ----a-w- c:\windows\system32\qedit.dll
2015-02-12 12:02 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-02-12 12:02 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-02-12 12:01 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\programdata\ATI
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files\ATI
2015-02-12 06:02 . 2015-02-12 06:06 -------- d-----w- c:\program files\ATI Technologies
2015-02-12 05:33 . 2013-10-30 04:34 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2015-02-12 05:33 . 2013-10-30 03:55 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-02-12 05:33 . 2013-10-30 02:33 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-02-12 05:32 . 2014-06-02 21:30 3137536 ----a-w- c:\windows\system32\msi.dll
2015-02-12 05:32 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-02-12 05:32 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-02-12 05:32 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-02-12 05:32 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-02-12 05:32 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-02-12 05:32 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\SysWow64\msi.dll
2015-02-12 05:32 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-02-12 05:31 . 2015-02-12 05:31 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\AVAST Software
2015-02-12 05:29 . 2015-02-12 05:28 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-02-12 05:29 . 2015-02-12 05:28 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-12 05:29 . 2015-02-12 05:28 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-12 05:29 . 2015-02-12 05:30 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-12 05:29 . 2015-02-12 05:28 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-12 05:29 . 2015-02-12 05:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-12 05:29 . 2015-02-12 05:28 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-02-12 05:29 . 2015-02-12 05:30 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 13:00 . 2002-08-27 16:10 525792 ----a-w- c:\windows\DIFxAPI.dll
2015-02-11 22:26 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-11 22:16 . 2012-06-14 13:11 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-11 22:16 . 2011-06-04 19:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-30 01:49 . 2006-11-02 12:35 116773704 ----a-w- c:\windows\system32\mrt.exe
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-12 5227112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AFD
*Deregistered* - amdkmdag
*Deregistered* - aswHwid
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswRvrt
*Deregistered* - aswSnx
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswVmm
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - ws2ifsl
*Deregistered* - XAudio
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-11 22:37 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 22:16]
.
2015-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000Core.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000UA.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2013-06-08 c:\windows\Tasks\HPCeeScheduleForDefault.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2002-08-27 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-12 05:28 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-10 13672152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2015-02-13 12:14:20
ComboFix-quarantined-files.txt 2015-02-13 20:14
ComboFix2.txt 2015-02-12 12:43
.
Pre-Run: 192,829,460,480 bytes free
Post-Run: 199,334,883,328 bytes free
.
- - End Of File - - 69126BF8104FB6F788176FA0177EFF72
03BA8F890B47C0BE359A4D5A636D214D


Kinda running out of options here. Next I want to try and see if ComboFix can see a couple of drivers I think need to be removed.

 

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

 

Driver::
X6va006
zzvwweat
yzmchvxa

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

 

CFScriptB-4.gif

 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

Next

Open MBAM and allow it to connect to the internet and try to get the latest updates, then, disconnect from the internet and run a full scan.

 

Post ComboFix.txt

MBAM log


scan logs and a pic:

 

 

ComboFix 15-02-09.01 - Default 02/13/2015 14:09:53.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2538 [GMT -8:00]
Running from: c:\users\Default.Default-PC\Desktop\ComboFix.exe
Command switches used :: c:\users\Default.Default-PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA006
-------\Service_yzmchvxa
-------\Service_zzvwweat
.
.
((((((((((((((((((((((((( Files Created from 2015-01-14 to 2015-02-14 )))))))))))))))))))))))))))))))
.
.
2015-02-13 22:23 . 2015-02-13 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-13 21:18 . 2015-01-23 04:07 2339840 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 21:18 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 21:18 . 2015-01-23 03:59 816640 ----a-w- c:\windows\system32\jscript.dll
2015-02-13 13:16 . 2015-02-13 13:16 -------- d-----w- c:\windows\Migration
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\windows\system32\SRSLabs
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-02-13 13:02 . 2015-02-13 13:02 -------- d-----w- c:\program files\Realtek
2015-02-13 13:00 . 2009-11-24 17:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2015-02-13 13:00 . 2009-11-24 17:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2015-02-13 13:00 . 2009-11-24 17:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2015-02-13 13:00 . 2009-11-24 17:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2015-02-13 12:53 . 2015-02-13 13:03 -------- d--h--w- c:\program files (x86)\Temp
2015-02-13 11:53 . 2015-02-13 11:53 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-13 11:53 . 2015-02-13 11:53 -------- d-----w- c:\programdata\RogueKiller
2015-02-13 11:36 . 2014-11-19 18:28 797400 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2015-02-13 11:36 . 2014-11-19 18:28 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-02-13 11:36 . 2014-11-19 18:28 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-02-13 09:38 . 2015-02-13 09:38 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\Intel
2015-02-13 09:34 . 2015-02-13 09:34 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility
2015-02-13 09:25 . 2015-02-13 09:25 -------- d-----w- c:\programdata\Package Cache
2015-02-13 08:32 . 2015-02-13 08:32 -------- d-----w- c:\users\Default\AppData\Roaming\AVAST Software
2015-02-13 07:23 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-13 07:23 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-02-13 07:19 . 2015-01-09 00:34 2790912 ----a-w- c:\windows\system32\win32k.sys
2015-02-13 07:09 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-13 07:09 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-13 07:08 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-02-13 07:08 . 2015-02-13 07:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-02-13 07:08 . 2015-02-13 07:08 -------- d-----r- c:\program files (x86)\Skype
2015-02-13 07:03 . 2014-08-23 01:05 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-02-13 07:03 . 2014-08-23 00:42 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-02-13 06:55 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-02-13 06:55 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-02-13 06:52 . 2015-01-13 01:51 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-13 06:52 . 2015-01-13 01:39 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-13 06:52 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-02-13 06:52 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-02-13 06:39 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-02-13 06:39 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-02-13 06:39 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-02-13 06:39 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-02-13 06:39 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-02-13 06:39 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-02-13 06:39 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-02-13 06:39 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-02-13 06:24 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-02-13 06:24 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-02-13 06:24 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-02-13 06:24 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-02-13 06:24 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-02-13 06:19 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-02-13 06:19 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-02-13 06:19 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-02-13 06:19 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-02-13 06:19 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-02-13 06:19 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-02-13 06:19 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-02-13 06:19 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-02-13 06:17 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-02-13 06:17 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-02-13 06:17 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-13 06:17 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-02-13 06:17 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-13 06:17 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-02-13 06:17 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-13 06:17 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-13 06:16 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-02-13 06:16 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-02-13 06:16 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-02-13 06:16 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-02-13 06:15 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-02-13 06:15 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-02-13 06:15 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-02-13 06:14 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-02-13 06:14 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-02-13 06:14 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-02-13 06:14 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-02-13 06:14 . 2014-08-27 00:41 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-02-13 06:13 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-02-13 06:13 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-13 06:13 . 2014-12-03 02:06 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-13 06:13 . 2014-12-03 01:51 347136 ----a-w- c:\windows\system32\schannel.dll
2015-02-13 06:13 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-12 12:43 . 2015-02-14 02:14 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\temp
2015-02-12 12:07 . 2014-06-02 21:30 1802752 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-02-12 12:07 . 2014-06-02 21:29 1487360 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-02-12 12:07 . 2014-06-02 21:29 1463808 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-02-12 12:07 . 2014-06-02 21:29 1435136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-02-12 12:07 . 2014-06-02 10:30 937472 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-02-12 12:05 . 2014-02-06 04:21 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-02-12 12:05 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-02-12 12:05 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-02-12 12:05 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-02-12 12:05 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-02-12 12:03 . 2013-10-22 09:31 79360 ----a-w- c:\windows\system32\imagehlp.dll
2015-02-12 12:03 . 2013-10-22 07:19 158208 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-02-12 12:02 . 2014-06-06 08:59 506880 ----a-w- c:\windows\SysWow64\qedit.dll
2015-02-12 12:02 . 2014-06-06 07:13 620032 ----a-w- c:\windows\system32\qedit.dll
2015-02-12 12:02 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-02-12 12:02 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-02-12 12:01 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\users\Default.Default-PC\AppData\Local\ATI
2015-02-12 06:10 . 2015-02-12 06:10 -------- d-----w- c:\programdata\ATI
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-02-12 06:02 . 2015-02-12 06:02 -------- d-----w- c:\program files\ATI
2015-02-12 06:02 . 2015-02-12 06:06 -------- d-----w- c:\program files\ATI Technologies
2015-02-12 05:33 . 2013-10-30 04:34 374784 ----a-w- c:\windows\system32\SysFxUI.dll
2015-02-12 05:33 . 2013-10-30 03:55 122368 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-02-12 05:33 . 2013-10-30 02:33 218112 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-02-12 05:32 . 2014-06-02 21:30 3137536 ----a-w- c:\windows\system32\msi.dll
2015-02-12 05:32 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-02-12 05:32 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-02-12 05:32 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-02-12 05:32 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-02-12 05:32 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-02-12 05:32 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\SysWow64\msi.dll
2015-02-12 05:32 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-02-12 05:31 . 2015-02-12 05:31 -------- d-----w- c:\users\Default.Default-PC\AppData\Roaming\AVAST Software
2015-02-12 05:29 . 2015-02-12 05:28 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-02-12 05:29 . 2015-02-12 05:28 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-12 05:29 . 2015-02-12 05:28 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-12 05:29 . 2015-02-12 05:30 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-12 05:29 . 2015-02-12 05:28 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 13:00 . 2002-08-27 16:10 525792 ----a-w- c:\windows\DIFxAPI.dll
2015-02-11 22:26 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-11 22:16 . 2012-06-14 13:11 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-11 22:16 . 2011-06-04 19:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-30 01:49 . 2006-11-02 12:35 116773704 ----a-w- c:\windows\system32\mrt.exe
2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-12 5227112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AFD
*Deregistered* - amdkmdag
*Deregistered* - aswHwid
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswRvrt
*Deregistered* - aswSnx
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswVmm
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - mouclass
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - ws2ifsl
*Deregistered* - XAudio
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-11 22:37 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 22:16]
.
2015-02-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000Core.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4263378259-964094001-1927029533-1000UA.job
- c:\users\Default.Default-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-25 11:57]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 22:31]
.
2013-06-08 c:\windows\Tasks\HPCeeScheduleForDefault.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2002-08-27 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-12 05:28 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-10 13672152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-SITEguard - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2015-02-13 18:23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-14 02:23
ComboFix2.txt 2015-02-12 12:43
.
Pre-Run: 197,718,016,000 bytes free
Post-Run: 197,269,204,992 bytes free
.
- - End Of File - - 520E2D9084C1DC0D1759AD1512D8EEDF
03BA8F890B47C0BE359A4D5A636D214D

 

MB scan log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/13/2015
Scan Time: 6:34:45 PM
Logfile: mbscan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.09
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Default

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381540
Time Elapsed: 17 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Edited by brownhornet
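A way to confirm that every driver named in the CFScript shows up in the log's Drivers/Services section, as an added example that is not part of the original posts or of ComboFix itself. It assumes the section layout and the `Legacy_`/`Service_` prefixes seen in the log above, and that any other CFScript directive also ends in `::`; the function names are hypothetical.

```python
import re

# Constructed inputs: the CFScript text and a log excerpt copied from the thread.
CFSCRIPT = """Driver::
X6va006
zzvwweat
yzmchvxa
"""

LOG_EXCERPT = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA006
-------\Service_yzmchvxa
-------\Service_zzvwweat
.
.
((((((((((((((((((((((((( Files Created from 2015-01-14 to 2015-02-14 )))))))))))))))))))))))))))))))
.
"""

# Section banners look like "(((( Title ))))"; entries like "-------\Service_name".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
ENTRY_RE = re.compile(r"^-+\\(Legacy|Service)_(.+?)\s*$", re.IGNORECASE)


def parse_cfscript_drivers(text):
    """Return the names listed under the Driver:: directive, in order."""
    names, in_driver = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # forum copy/paste often leaves blank lines between names
        if line.endswith("::"):
            # Assumption: any line ending in '::' starts a new directive.
            in_driver = line.lower() == "driver::"
            continue
        if in_driver:
            names.append(line)
    return names


def parse_driver_section(log):
    """Map lower-cased driver name -> set of entry kinds in Drivers/Services."""
    found, in_section = {}, False
    for line in log.splitlines():
        banner = SECTION_RE.match(line.strip())
        if banner:
            in_section = banner.group(1).lower() == "drivers/services"
            continue
        if in_section:
            entry = ENTRY_RE.match(line.strip())
            if entry:
                kind, name = entry.group(1).capitalize(), entry.group(2).lower()
                found.setdefault(name, set()).add(kind)
    return found


def cross_check(script, log):
    """Compare requested drivers with logged ones, ignoring case (X6va006 vs X6VA006)."""
    requested = parse_cfscript_drivers(script)
    logged = parse_driver_section(log)
    requested_lower = {n.lower() for n in requested}
    return {
        "handled": {n: sorted(logged[n.lower()]) for n in requested if n.lower() in logged},
        "missing": [n for n in requested if n.lower() not in logged],
        "unrequested": sorted(k for k in logged if k not in requested_lower),
    }


if __name__ == "__main__":
    for key, value in cross_check(CFSCRIPT, LOG_EXCERPT).items():
        print(key, value)
```

A name under `missing` means the log has no Drivers/Services entry for it, which is the cue to re-check the spelling in CFScript.txt before running again.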

This topic is now closed to further replies.