urtreasured

Fix my PC


Ran Malwarebytes one more time; here is the log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18928
Owner :: GMB [administrator]

Protection: Enabled

12/2/2013 9:47:59 AM
mbam-log-2013-12-02 (09-47-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214537
Time elapsed: 16 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MS Windows malicious software removal tool <<< when did or where did you get this? Let's just leave it alone for now! Very busy this morning, so I will have some more for you shortly.


Looking a lot better! Let's see if we have any more of Zero or its exploits left!!

 

Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.

We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

Download >>> http://support.kaspersky.com/downloads/utils/tdsskiller.zip <<< and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click Start Scan.

    * Windows XP: Double-click on the icon to run it.
    * Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator".

* Press Start Scan.

    * Only if malicious objects are found, ensure Cure is selected.
    * Then click Continue > Reboot now.

Copy and paste the log in your next reply!
A copy of the log will be saved automatically to the root of the drive (typically C:\)


 

 

 

NEXT

 

 



Download OldTimer to your desktop!
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL, delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)

* Double-click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

 

Post Next:

1. TDSSKiller log

2. OTL log(s)

 

Thanks

Chuck


Will be popping in and out I guess today, honey-dos!!

MS Windows malicious software removal tool <<< this is sometimes a fake program that tries to sell you other software! I think we delete/remove it!!

 

Chuck


I was out for a few hours and decided to run the Malwarebytes full scan. Here is the log. I have a couple of errands to run, then I will get back to the other items you sent me.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18928
Owner :: GMB [administrator]

Protection: Enabled

12/2/2013 10:07:51 AM
mbam-log-2013-12-02 (10-07-51).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408964
Time elapsed: 3 hour(s), 7 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)


TDSSKiller 1

 

17:27:47.0163 0x1170 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
17:28:00.0710 0x1170 ============================================================
17:28:00.0710 0x1170 Current date / time: 2013/12/02 17:28:00.0710
17:28:00.0710 0x1170 SystemInfo:
17:28:00.0726 0x1170
17:28:00.0726 0x1170 OS Version: 6.0.6002 ServicePack: 2.0
17:28:00.0726 0x1170 Product type: Workstation
17:28:00.0726 0x1170 ComputerName: GMB
17:28:00.0726 0x1170 UserName: Owner
17:28:00.0726 0x1170 Windows directory: C:\Windows
17:28:00.0726 0x1170 System windows directory: C:\Windows
17:28:00.0726 0x1170 Processor architecture: Intel x86
17:28:00.0726 0x1170 Number of processors: 2
17:28:00.0726 0x1170 Page size: 0x1000
17:28:00.0726 0x1170 Boot type: Normal boot
17:28:00.0726 0x1170 ============================================================
17:28:02.0288 0x1170 KLMD registered as C:\Windows\system32\drivers\29410148.sys
17:28:05.0179 0x1170 System UUID: {77EBC544-6E0D-9C51-08F7-C01ADB17B583}
17:28:08.0101 0x1170 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:28:08.0101 0x1170 ============================================================
17:28:08.0101 0x1170 \Device\Harddisk0\DR0:
17:28:08.0101 0x1170 MBR partitions:
17:28:08.0101 0x1170 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x13D334F
17:28:08.0101 0x1170 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D338E, BlocksNum 0x11645733
17:28:08.0101 0x1170 ============================================================
17:28:08.0132 0x1170 C: <-> \Device\Harddisk0\DR0\Partition2
17:28:08.0226 0x1170 D: <-> \Device\Harddisk0\DR0\Partition1
17:28:08.0226 0x1170 ============================================================
17:28:08.0226 0x1170 Initialize success
17:28:08.0226 0x1170 ============================================================
17:28:32.0163 0x1760 ============================================================
17:28:32.0163 0x1760 Scan started
17:28:32.0163 0x1760 Mode: Manual;
17:28:32.0163 0x1760 ============================================================
17:28:32.0163 0x1760 KSN ping started
17:28:38.0429 0x1760 KSN ping finished: true
17:28:38.0726 0x1760 ================ Scan system memory ========================
17:28:38.0726 0x1760 System memory - ok


17:28:49.0491 0x1760 KeyIso - ok

17:28:49.0554 0x1760 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:28:49.0570 0x1760 KSecDD - ok

17:28:49.0695 0x1760 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll

17:28:49.0710 0x1760 KtmRm - ok

17:28:49.0757 0x1760 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll

17:28:49.0757 0x1760 LanmanServer - ok

17:28:49.0820 0x1760 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:28:49.0835 0x1760 LanmanWorkstation - ok

17:28:49.0898 0x1760 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:28:49.0898 0x1760 lltdio - ok

17:28:49.0945 0x1760 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:28:49.0960 0x1760 lltdsvc - ok

17:28:50.0007 0x1760 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:28:50.0007 0x1760 lmhosts - ok

17:28:50.0085 0x1760 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

17:28:50.0101 0x1760 LSI_FC - ok

17:28:50.0132 0x1760 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

17:28:50.0132 0x1760 LSI_SAS - ok

17:28:50.0195 0x1760 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

17:28:50.0210 0x1760 LSI_SCSI - ok

17:28:50.0226 0x1760 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys

17:28:50.0241 0x1760 luafv - ok

17:28:50.0304 0x1760 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

17:28:50.0320 0x1760 MBAMProtector - ok

17:28:50.0429 0x1760 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

17:28:50.0491 0x1760 MBAMScheduler - ok

17:28:50.0585 0x1760 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

17:28:50.0632 0x1760 MBAMService - ok

17:28:50.0695 0x1760 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:28:50.0695 0x1760 Mcx2Svc - ok

17:28:50.0726 0x1760 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys

17:28:50.0741 0x1760 megasas - ok

17:28:50.0757 0x1760 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll

17:28:50.0757 0x1760 MMCSS - ok

17:28:50.0804 0x1760 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys

17:28:50.0804 0x1760 Modem - ok

17:28:50.0835 0x1760 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:28:50.0835 0x1760 monitor - ok

17:28:50.0898 0x1760 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:28:50.0898 0x1760 mouclass - ok

17:28:50.0945 0x1760 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:28:50.0945 0x1760 mouhid - ok

17:28:50.0991 0x1760 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

17:28:50.0991 0x1760 MountMgr - ok

17:28:51.0054 0x1760 [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

17:28:51.0070 0x1760 MpFilter - ok

17:28:51.0116 0x1760 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys

17:28:51.0132 0x1760 mpio - ok

17:28:51.0304 0x1760 [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsle18e467f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38787966-FE1D-41D3-8D41-86A15C88B395}\MpKsle18e467f.sys

17:28:51.0304 0x1760 MpKsle18e467f - ok

17:28:51.0398 0x1760 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:28:51.0398 0x1760 mpsdrv - ok

17:28:51.0523 0x1760 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:28:51.0585 0x1760 MpsSvc - ok

17:28:51.0663 0x1760 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

17:28:51.0663 0x1760 Mraid35x - ok

17:28:51.0726 0x1760 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:28:51.0726 0x1760 MRxDAV - ok

17:28:51.0773 0x1760 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:28:51.0773 0x1760 mrxsmb - ok

17:28:51.0835 0x1760 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:28:51.0851 0x1760 mrxsmb10 - ok

17:28:51.0898 0x1760 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:28:51.0898 0x1760 mrxsmb20 - ok

17:28:51.0929 0x1760 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys

17:28:51.0929 0x1760 msahci - ok

17:28:51.0945 0x1760 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:28:51.0960 0x1760 msdsm - ok

17:28:51.0991 0x1760 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe

17:28:52.0023 0x1760 MSDTC - ok

17:28:52.0085 0x1760 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:28:52.0085 0x1760 Msfs - ok

17:28:52.0116 0x1760 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:28:52.0116 0x1760 msisadrv - ok

17:28:52.0163 0x1760 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:28:52.0179 0x1760 MSiSCSI - ok

17:28:52.0195 0x1760 msiserver - ok

17:28:52.0288 0x1760 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:28:52.0304 0x1760 MSKSSRV - ok

17:28:52.0366 0x1760 [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

17:28:52.0366 0x1760 MsMpSvc - ok

17:28:52.0413 0x1760 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:28:52.0413 0x1760 MSPCLOCK - ok

17:28:52.0476 0x1760 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:28:52.0476 0x1760 MSPQM - ok

17:28:52.0570 0x1760 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:28:52.0585 0x1760 MsRPC - ok

17:28:52.0648 0x1760 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

17:28:52.0648 0x1760 mssmbios - ok

17:28:52.0663 0x1760 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:28:52.0663 0x1760 MSTEE - ok

17:28:52.0726 0x1760 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys

17:28:52.0726 0x1760 Mup - ok

17:28:52.0804 0x1760 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll

17:28:52.0820 0x1760 napagent - ok

17:28:52.0913 0x1760 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:28:52.0913 0x1760 NativeWifiP - ok

17:28:53.0007 0x1760 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys

17:28:53.0023 0x1760 NDIS - ok

17:28:53.0070 0x1760 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:28:53.0085 0x1760 NdisTapi - ok

17:28:53.0116 0x1760 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:28:53.0116 0x1760 Ndisuio - ok

17:28:53.0195 0x1760 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:28:53.0210 0x1760 NdisWan - ok

17:28:53.0257 0x1760 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:28:53.0257 0x1760 NDProxy - ok

17:28:53.0320 0x1760 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

17:28:53.0320 0x1760 Net Driver HPZ12 - ok

17:28:53.0382 0x1760 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:28:53.0382 0x1760 NetBIOS - ok

17:28:53.0445 0x1760 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys

17:28:53.0460 0x1760 netbt - ok

17:28:53.0507 0x1760 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe

17:28:53.0507 0x1760 Netlogon - ok

17:28:53.0554 0x1760 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll

17:28:53.0554 0x1760 Netman - ok

17:28:53.0632 0x1760 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll

17:28:53.0648 0x1760 netprofm - ok

17:28:53.0710 0x1760 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:28:53.0726 0x1760 NetTcpPortSharing - ok

17:28:53.0757 0x1760 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

17:28:53.0773 0x1760 nfrd960 - ok

17:28:53.0820 0x1760 [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

17:28:53.0820 0x1760 NisDrv - ok

17:28:53.0882 0x1760 [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

17:28:53.0882 0x1760 NisSrv - ok

17:28:53.0960 0x1760 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll

17:28:53.0976 0x1760 NlaSvc - ok

17:28:54.0023 0x1760 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:28:54.0038 0x1760 Npfs - ok

17:28:54.0101 0x1760 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll

17:28:54.0101 0x1760 nsi - ok

17:28:54.0132 0x1760 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:28:54.0132 0x1760 nsiproxy - ok

17:28:54.0273 0x1760 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:28:54.0382 0x1760 Ntfs - ok

17:28:54.0445 0x1760 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

17:28:54.0445 0x1760 ntrigdigi - ok

17:28:54.0491 0x1760 [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

17:28:54.0491 0x1760 NuidFltr - ok

17:28:54.0538 0x1760 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys

17:28:54.0538 0x1760 Null - ok

17:28:54.0554 0x1760 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:28:54.0554 0x1760 nvraid - ok

17:28:54.0570 0x1760 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:28:54.0585 0x1760 nvstor - ok

17:28:54.0648 0x1760 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys


TDSSKiller 2

 

17:29:01.0398 0x1760 [ 71E276F6D189413266EA22171806597B, AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF ] sptd C:\Windows\system32\Drivers\sptd.sys

17:29:01.0413 0x1760 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B, sha256: AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF

17:29:01.0413 0x1760 sptd - detected LockedFile.Multi.Generic ( 1 )

17:29:06.0866 0x1760 Detect skipped due to KSN trusted

17:29:06.0866 0x1760 sptd - ok

17:29:16.0007 0x1760 ================ Scan global ===============================

17:29:16.0054 0x1760 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll

17:29:16.0132 0x1760 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll

17:29:16.0210 0x1760 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll

17:29:16.0304 0x1760 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe

17:29:16.0320 0x1760 [ Global ] - ok

17:29:16.0320 0x1760 ================ Scan MBR ==================================

17:29:16.0351 0x1760 [ D0A37B66A9B60F135B25640CB1AA1477 ] \Device\Harddisk0\DR0

17:29:16.0913 0x1760 \Device\Harddisk0\DR0 - ok

17:29:16.0913 0x1760 ================ Scan VBR ==================================

17:29:16.0929 0x1760 [ 1927BB612E2F81CE1F71A4AEEB3C39EB ] \Device\Harddisk0\DR0\Partition1

17:29:16.0929 0x1760 \Device\Harddisk0\DR0\Partition1 - ok

17:29:16.0945 0x1760 [ F554049663FF476E2D4A0CBCDE51FBD0 ] \Device\Harddisk0\DR0\Partition2

17:29:16.0960 0x1760 \Device\Harddisk0\DR0\Partition2 - ok

17:29:16.0960 0x1760 Waiting for KSN requests completion. In queue: 100

17:29:23.0429 0x1760 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )

17:29:23.0476 0x1760 AV detected via SS2: avast! Antivirus, C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 5.0.121.0 ), 0x41000 ( enabled : updated )

17:29:23.0601 0x1760 Win FW state via NFP2: enabled

17:29:29.0101 0x1760 ============================================================

17:29:29.0101 0x1760 Scan finished

17:29:29.0101 0x1760 ============================================================

17:29:29.0101 0x0314 Detected object count: 0

17:29:29.0101 0x0314 Actual detected object count: 0


Hey treasured, the TDSSKiller came out clean, I think we are gonna get it clean!!

Chuck

Now the OTL log!!


OTL logfile created on: 12/2/2013 5:40:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.86% Memory free
2.82 Gb Paging File | 1.72 Gb Available in Paging File | 61.02% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.14 Gb Total Space | 53.84 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive D: | 9.91 Gb Total Space | 4.63 Gb Free Space | 46.68% Space Free | Partition Type: NTFS
 
Computer Name: GMB | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/02 17:36:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/27 05:42:42 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/03 00:09:42 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/01/23 03:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/01/16 23:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/01/02 21:38:02 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2007/01/02 21:38:02 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/12/28 04:00:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/12/19 20:16:04 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/03 00:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/01/23 03:41:58 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ecxmjqbg.sys -- (ecxmjqbg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a4sh028p)
DRV - [2013/12/02 17:28:08 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38787966-FE1D-41D3-8D41-86A15C88B395}\MpKsle18e467f.sys -- (MpKsle18e467f)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/13 00:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 00:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 00:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 00:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 00:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/01/21 22:21:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/01/18 23:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2008/01/04 20:34:34 | 000,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (SSIDRV)
DRV - [2008/01/04 20:34:34 | 000,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (SSHRMD)
DRV - [2008/01/04 20:34:34 | 000,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SSFS0BB9.sys -- (SSFS0BB9)
DRV - [2007/11/19 06:59:12 | 000,288,256 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/02 01:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/28 04:08:20 | 002,307,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/07/05 22:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6452
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{C34CD5BE-E4A9-44E8-8243-E11A4138261C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nbcnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {C34CD5BE-E4A9-44E8-8243-E11A4138261C}
IE - HKCU\..\SearchScopes\{38AA11EC-0F47-4804-BB4E-D7AE8B823B49}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
IE - HKCU\..\SearchScopes\{AC7EFF43-D352-491B-AD0C-6A969CF47978}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131249,20028,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 19:50:14 | 000,000,000 | ---D | M]
 
[2008/12/09 20:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions
[2008/12/09 20:16:30 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/12/02 08:53:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A852085-0994-4D10-A7C7-3AFD957332FD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7840614F-02D1-4405-9E3B-A5D2CEF6D027}: DhcpNameServer = 4.2.2.1 4.2.2.2 4.2.2.3
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - C:\Windows\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop WallPaper: C:\Users\Owner\P1010009.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\P1010009.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/02 17:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2013/12/02 17:23:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2013/12/02 16:02:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Computer Maintenance
[2013/12/02 08:58:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/02 08:58:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/02 08:33:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/02 08:33:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/02 08:33:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/02 08:28:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/02 08:28:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/02 08:23:27 | 005,149,261 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/12/02 08:20:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/12/01 21:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2013/12/01 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Surf_Canyon
[2013/12/01 21:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Winferno
[2013/12/01 20:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/12/01 20:56:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/01 20:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/01 20:55:30 | 000,516,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CapiCom.dll
[2013/12/01 20:55:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\FileAssociationManager
[2013/12/01 20:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileAssociationManager
[2013/12/01 20:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/01 20:54:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\css
[2013/12/01 20:54:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\modules
[2013/12/01 20:54:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\js
[2013/12/01 09:16:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/12/01 09:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/01 09:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/01 09:16:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/01 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/01 08:52:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/01 08:29:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/02 17:46:59 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 17:46:59 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 17:36:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2013/12/02 17:27:24 | 004,101,441 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller 2.zip
[2013/12/02 17:25:53 | 004,101,441 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2013/12/02 17:21:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2714304592-1191437367-953324204-1000UA.job
[2013/12/02 15:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/02 08:53:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/02 08:23:45 | 005,149,261 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/12/02 08:03:59 | 000,002,593 | ---- | M] () -- C:\Users\Owner\Desktop\Outlook 2007.lnk
[2013/12/02 04:21:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2714304592-1191437367-953324204-1000Core.job
[2013/12/01 13:43:18 | 000,607,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/01 13:43:18 | 000,105,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/19 03:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/14 15:28:51 | 000,002,044 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/14 15:28:50 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/11/13 03:14:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/04 06:35:14 | 000,002,587 | ---- | M] () -- C:\Users\Owner\Desktop\Word 2007.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/02 17:27:20 | 004,101,441 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller 2.zip
[2013/12/02 17:22:49 | 004,101,441 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
[2013/12/02 08:33:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/02 08:33:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/02 08:33:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/02 08:33:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/02 08:33:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/12 05:39:33 | 000,010,962 | -HS- | C] () -- C:\Users\Owner\AppData\Local\0163b28fk544b8504p86848yx01eobd88h7eo31
[2011/05/12 05:39:33 | 000,010,962 | -HS- | C] () -- C:\ProgramData\0163b28fk544b8504p86848yx01eobd88h7eo31
[2011/01/23 03:36:27 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/06/24 10:09:38 | 000,004,096 | -H-- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2010/05/04 22:19:24 | 000,001,976 | ---- | C] () -- C:\Users\Owner\QuickBooks Pro 2010.lnk
[2010/04/14 05:43:18 | 000,140,587 | ---- | C] () -- C:\Users\Owner\Greg Bessler 2009 W2.pdf
[2009/01/22 07:22:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/01/13 00:23:52 | 000,001,740 | ---- | C] () -- C:\Users\Owner\Employee Scheduling Assistant.lnk
[2008/12/25 19:00:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/07/11 14:14:55 | 000,000,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/07/16 16:24:22 | 000,048,283 | ---- | C] () -- C:\Users\Owner\P1010009.JPG
[2007/04/20 09:55:13 | 000,031,744 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007/12/16 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Autodesk
[2011/09/06 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Command and Conquer 4
[2009/01/22 06:06:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools
[2009/01/24 06:59:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/01/22 06:06:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Pro
[2010/11/11 08:17:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digital Support
[2013/12/01 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileAssociationManager
[2013/05/09 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Image Zone Express
[2008/02/21 16:10:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Printer Info Cache
[2011/07/18 23:07:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rubberduck
[2007/04/20 09:47:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SampleView
[2011/09/26 01:13:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sling Media
[2013/05/08 08:00:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\spotmau
[2008/07/11 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/01/13 17:45:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XemiComputers
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A82AE908

< End of report >


OTL Extras logfile created on: 12/2/2013 5:40:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.86% Memory free
2.82 Gb Paging File | 1.72 Gb Available in Paging File | 61.02% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.14 Gb Total Space | 53.84 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive D: | 9.91 Gb Total Space | 4.63 Gb Free Space | 46.68% Space Free | Partition Type: NTFS
 
Computer Name: GMB | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2714304592-1191437367-953324204-1000]
"EnableNotificationsRef" = 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2714304592-1191437367-953324204-500]
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{384CAB1C-05E5-49A3-A61B-F1189644C619}" = lport=2869 | protocol=6 | dir=in | app=system |
"{847B1CD2-C0B8-4B01-957A-8697D4AEB4A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B1D2250E-6CA7-4C06-82A6-19F48C289D35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BBCF06E3-EF71-4434-8A05-D3FB450C25FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26B59AA4-E5DD-4AB9-94C4-6FCEDB29719D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{41AB7489-11A9-4ACB-97E7-80457C3259B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9B9A6739-5612-4DFB-B027-C47055BBB300}" = protocol=6 | dir=out | app=system |
"{ADAA42AC-7F81-4EB8-AE2E-AB0EE9A0B408}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BDEFDFBD-5601-4605-8F50-2E127A89B377}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{CA288B18-0C49-4873-A5EB-E9E6C83CD8D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D936C7EB-5132-4490-A9B4-427635ED5DEE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE7A985D-2566-4216-B0ED-82D68D150C1C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E27A0AC8-AA11-4366-B012-061B92AA9EB7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{1A692F99-E591-4B14-AB1F-E23481B5A2BB}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{5CD4AC4A-9C86-40A2-8975-03046EF0505C}C:\program files\ea games\command & conquer the first decade\command & conquer tiberian sun\sun\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer tiberian sun\sun\game.exe |
"TCP Query User{A3CF12CE-D4E7-47C2-A3EF-F81458968C76}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe |
"TCP Query User{B7D2E7DA-D1F7-46E3-BCFF-E688415A946B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D31EABA8-8BF9-465E-A6EE-612D5A0B2A28}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{E77E1494-7B7A-455B-AFF7-2D5D6294530D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0830FDEE-F172-4649-822C-5290711C1D9C}C:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=c:\program files\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{2936EA15-F7AC-45D6-9190-CC2AEF8908B7}C:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer red alert ii\ra2\game.exe |
"UDP Query User{86993654-A4B8-475D-8297-AB626BD6EAC8}C:\program files\ea games\command & conquer the first decade\command & conquer tiberian sun\sun\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer tiberian sun\sun\game.exe |
"UDP Query User{9E7F76BC-A932-4F67-97B3-BDAB0B5C3143}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ABA78A5B-B550-4CE9-A24F-3569EFF786C4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{BB3A569C-C9C8-4B4F-BB85-A5E25619349A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK RTL8187 Wireless LAN Driver
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{082D9EBA-BA0C-E6CE-DF60-F450D3B4C427}" = CCC Help Dutch
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E55C4CC-6543-63A3-96D9-0BD0E72C0CF5}" = ccc-localization-da
"{0E7D2293-9FAA-1322-0294-ABE2F86AC3F6}" = Catalyst Control Center Localization Czech
"{0ED5203A-41A3-1ED9-A413-23A656011945}" = Catalyst Control Center Core Implementation
"{1011C9E2-B8A8-C5CC-CAA1-CEC7B072389A}" = Catalyst Control Center Localization Arabic
"{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
"{16891F82-D618-EF86-7F38-9FE19874357E}" = Catalyst Control Center Graphics Previews Vista
"{16A9A137-9100-AFB0-E944-05351D0D6154}" = CCC Help Swedish
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1E6727FE-9FBE-50FA-FCE1-4290F0CB68F2}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26D9EF97-45C1-D508-1EE7-CE4004287255}" = CCC Help Norwegian
"{2B5CE128-136C-78CB-C612-6D8C51E8C327}" = CCC Help Polish
"{2E302857-945A-0610-D455-88E1BD0B5C44}" = Catalyst Control Center Localization Chinese Traditional
"{2EF1BDD0-02F1-4D2D-1D42-D02D1ABE1522}" = Catalyst Control Center Localization Arabic
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{355845B8-4352-6D7E-2C6B-CACD91297B1C}" = CCC Help Spanish
"{3733D893-EBBF-6A31-EF05-086E66FC3D9E}" = CCC Help English
"{37CC93E9-6560-9FE3-B07B-4883A4BFD8CC}" = Catalyst Control Center Localization Greek
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{408A092D-40C9-D97F-8468-44A409C23F32}" = Catalyst Control Center Localization German
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43B5E32B-6518-E34B-E691-BDDDC8F7099B}" = Catalyst Control Center Localization Arabic
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4A0AEE30-988F-AE8C-5269-2FD262D68A22}" = ccc-utility
"{4CD72BE1-78B0-A817-D273-9C3257C1927E}" = CCC Help Danish
"{4E139886-91CE-3923-AE4A-70047CD4E6F9}" = CCC Help Korean
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53298391-2283-737E-426A-47406AF9C9BF}" = CCC Help Chinese Traditional
"{56069453-23FA-FB2A-613B-0739874F2664}" = CCC Help French
"{59BB72CD-9519-C50D-DFDF-9454503FD291}" = Catalyst Control Center Localization Finnish
"{5ACDC2AD-8424-491E-53B6-43839CBC6E21}" = Catalyst Control Center Localization Spanish
"{5AECAA2C-2D43-5DE6-5FA7-B17F0C99238D}" = Catalyst Control Center Graphics Full Existing
"{5C758C75-E8A6-3CBD-F78B-36568FD3D588}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65FA2ED6-F6A6-B6D1-D342-3DD6FC1CF235}" = CCC Help Japanese
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68C192DD-3270-615F-8073-CFAEF47C350C}" = CCC Help Czech
"{6C317D5D-E09E-CEAB-9900-AC55EEB06381}" = Catalyst Control Center Localization Arabic
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E22AFBF-D6AC-DB16-4EDA-05D79EB8972B}" = Catalyst Control Center Graphics Light
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{7EF5E936-F6E3-ED2D-D897-D019F93BFED3}" = Catalyst Control Center Localization Japanese
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80D1F147-58DE-59DF-959A-2B2DA16304B2}" = CCC Help Finnish
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{827A23C2-5F06-D673-E06A-13C8FE4A6313}" = Catalyst Control Center Localization Italian
"{847D5140-1D9A-AD4D-A383-D8A76AC9FAA6}" = Catalyst Control Center Localization Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9046E7F5-F4C0-E330-C79E-0AE7FBEEE87F}" = Catalyst Control Center Graphics Full New
"{905E2D3F-A433-5A0C-534E-D3812F344003}" = Catalyst Control Center Localization Hungarian
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92628887-5BBC-EBE4-4AE4-017FF30C87D1}" = CCC Help Turkish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EB1C655-331C-5034-CCF8-436FA4B4A3DA}" = ccc-core-static
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B036B9C2-FD5D-AC72-A873-9DADFC039142}" = CCC Help Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B27E389E-7F8B-7F66-2370-D15814FE7946}" = CCC Help Chinese Standard
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6F6B84A-5905-FBFE-2884-2F9D954B23AA}" = CCC Help Greek
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4135FD2-8B19-0B8E-A7D3-5102077E8177}" = Skins
"{DA43CFF6-91F4-CD70-4FE6-B0872B0A728B}" = Catalyst Control Center Localization Chinese Standard
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E213AB89-3ABA-0318-E05E-CD44794E5372}" = Catalyst Control Center Localization Arabic
"{E341A22D-80F7-946D-9131-B03684195564}" = Catalyst Control Center Localization French
"{E4382B39-C869-D696-6A53-E3D677242626}" = CCC Help German
"{E452AE0E-C9AF-CF4A-09A3-A6C110512C8A}" = Catalyst Control Center Localization Arabic
"{E5016937-B03B-17BB-7708-051AB5A92EBC}" = CCC Help Portuguese
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF958332-BBFF-75BA-6852-8C2939CE1972}" = CCC Help Hungarian
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F39CAF22-C695-D655-D469-F432AF5A42D2}" = Catalyst Control Center Localization Arabic
"{FCD9FF6C-CB0C-BD3A-4A21-8A06B8489CF6}" = Catalyst Control Center Localization Arabic
"{FDA11A0A-9D5A-4E0E-9975-3FF131B03461}" = HGTV Home & Landscape Platinum Suite
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATI Uninstaller" = ATI Uninstaller
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Support" = PC Fixer
"DISH Optimizer_is1" = DISH Optimizer Ver 2011-06-01
"DivX Free Codec" = DivX Free Codec
"DivX Setup" = DivX Setup
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Employee Scheduling Assistant" = Employee Scheduling Assistant
"FileAssociationManager" = File Association Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FDA11A0A-9D5A-4E0E-9975-3FF131B03461}" = HGTV Home & Landscape Platinum Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Money2006b" = Microsoft Money 2006
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"SMSERIAL" = Motorola SM56 Data Fax Modem
"STANDARDR" = Microsoft Office Standard 2007
"Surf Canyon" = Search Manager Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TimeCurve Scheduler Demo" = TimeCurve Scheduler Demo
"transformer_ie" = Widevine Media Transformer Plugin 5.0.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Zip995" = Zip995
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/1/2013 1:34:36 PM | Computer Name = GMB | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: 103c  Start Time: 01ceeeb6d0d93dc5  Termination Time: 47
 
Error - 12/1/2013 1:56:30 PM | Computer Name = GMB | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: cf0  Start Time: 01ceeebba1893ae6  Termination Time: 16
 
Error - 12/1/2013 2:26:51 PM | Computer Name = GMB | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: 12c4  Start Time: 01ceeebeb016860b  Termination Time: 0
 
Error - 12/2/2013 12:36:33 AM | Computer Name = GMB | Source = VSS | ID = 8194
Description =
 
Error - 12/2/2013 9:55:34 AM | Computer Name = GMB | Source = Application Hang | ID = 1002
Description = The program SLOW-PCfighter.exe version 2.3.125.63 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: b84  Start Time: 01ceef65aa67e646  Termination Time: 15
 
Error - 12/2/2013 11:20:52 AM | Computer Name = GMB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module OLEAUT32.dll, version 6.0.6002.18508, time stamp 0x4e5674e4,
 exception code 0xc0000005, fault offset 0x00003e74,  process id 0xbd4, application
 start time 0x01ceef6f66962626.
 
Error - 12/2/2013 11:27:06 AM | Computer Name = GMB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module OLEAUT32.dll, version 6.0.6002.18508, time stamp 0x4e5674e4,
 exception code 0xc0000005, fault offset 0x00003e74,  process id 0xd20, application
 start time 0x01ceef721daa16f9.
 
Error - 12/2/2013 12:02:47 PM | Computer Name = GMB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18928, time stamp
 0x4bdfa327, faulting module OLEAUT32.dll, version 6.0.6002.18508, time stamp 0x4e5674e4,
 exception code 0xc0000005, fault offset 0x00003e74,  process id 0x172c, application
 start time 0x01ceef7784e958fc.
 
[ OSession Events ]
Error - 8/11/2009 11:05:24 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2185
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 8/11/2009 11:07:00 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 70
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 8/11/2009 12:25:33 PM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 4705
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 2/12/2010 11:42:37 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 135
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 9/14/2010 4:34:32 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/14/2010 4:35:22 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/14/2010 4:35:54 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/14/2010 7:26:59 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/27/2011 6:16:36 AM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51780
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 4/13/2012 6:40:09 PM | Computer Name = GMB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28034
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12/2/2013 6:46:28 PM | Computer Name = GMB | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
 a page  file on the boot partition and that is large enough to contain all physical
memory.
 
Error - 12/2/2013 6:46:31 PM | Computer Name = GMB | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 12/2/2013 6:46:40 PM | Computer Name = GMB | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 12/2/2013 6:46:42 PM | Computer Name = GMB | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 12/2/2013 6:46:43 PM | Computer Name = GMB | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
 a page  file on the boot partition and that is large enough to contain all physical
memory.
 
Error - 12/2/2013 6:48:45 PM | Computer Name = GMB | Source = DCOM | ID = 10016
Description =
 
Error - 12/2/2013 6:51:26 PM | Computer Name = GMB | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12/2/2013 6:51:26 PM | Computer Name = GMB | Source = Service Control Manager | ID = 7009
Description =
 
Error - 12/2/2013 6:51:26 PM | Computer Name = GMB | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12/2/2013 8:51:53 PM | Computer Name = GMB | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
 
< End of report >
 


Go to add/remove and uninstall: if present >>> SpySweeper

 

We need to Run an OTL fix !!
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus OTL . :OTL

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ecxmjqbg.sys -- (ecxmjqbg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a4sh028p)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{C34CD5BE-E4A9-44E8-8243-E11A4138261C}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes,DefaultScope = {C34CD5BE-E4A9-44E8-8243-E11A4138261C}
IE - HKCU\..\SearchScopes\{38AA11EC-0F47-4804-BB4E-D7AE8B823B49}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes\{AC7EFF43-D352-491B-AD0C-6A969CF47978}: "URL" = http://search.yahoo....249,20028,0,8,0
[2008/12/09 20:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions
[2008/12/09 20:16:30 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click the OK button.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log where MMDDYYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.


Post the OTL fix log next !

 

 

Chuck


Ok lets do some cleanup !!

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

Reboot & tell me how it's running and any other problems you have !!

 

Chuck


Here are the names of the files it left on my desktop.  They are sorta greyed out

 

 

Recap.docx
~WRL0003.tmp
desktop.ini
ehthumbs_vista.db
~$Recap.docx
~$terials at 4.doc
desktop.ini
~$Contribution List.xlsx
~$watering Basics.doc
~WRL0001.tmp

 

 


Let me know if they come back after the OTL cleanup ??

And you can remove/delete any programs we used in the cleaning !

 

How's it running ?

 

Got just a little to do after I hear from you !!

 

Chuck


just got back on.  had a power outage.  ran the cleanup  it removed the doc from my desktop.  but the MS Security program is back and now when I open IE a "Manage add-ons" program pops up.  Back to the MS Security essentials program shows that it is located at: "C:\windows\system32\MRT.exe"/r/re


That MS program is safe to run !! It's usually downloaded when you download the updates.


Untreasured, Yes go ahead & run it !!

 

Internet Explorer 8 Out of date! >>> Internet Explorer 10 Out of date! ........ Update >>>  This update is up to you for now till MS makes it mandatory !!
Download your language & version >>> http://windows.micro...dwide-languages

======================

Java version out of Date! ......... Update Java Runtime
Make sure you uncheck any boxes that want you to install tool bars or anything other than Java
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.

   1. Go to http://java.sun.com/javase/downloads/index.jsp
   2. Click to Download  Java SE Runtime Environment
 

============================

Adobe Reader 8 Adobe Reader out of Date!

Update Adobe Reader >>> http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=5440&fileID=5441

Make sure you uncheck the box to install McAfee Security Scan Plus

   1. Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.
   2. Click here to download the latest version of Adobe Acrobat Reader.
   3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.
   4. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
   5. Close your Internet browser and open it again.

==============================

 

Let me know how it's running ???

 

Chuck
 

This topic is now closed to further replies.