Win7, Chrome hijacked by yahoo, cannot reinstall chrome


  • This topic is locked
33 replies to this topic

#1 Tami73

  • Members
  • 17 posts

Posted 01 December 2013 - 02:03 PM

So I have tried uninstalling Chrome and reinstalling it. I can't reinstall it and Yahoo still has my browser hijacked. I have run Malwarebytes, Chameleon and rootkit but they all come up clean. The following is my DDS file and I am attaching it as well. Could someone please help? Thank you in advance!

 

Tami

 

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 GAMER™ 2010
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2011 10:14:25 AM
System Uptime: 12/1/2013 1:31:15 AM (10 hours ago)
.
Motherboard: Intel Corp. |  | Base Board Product Name
Processor: Intel® Core™2 Duo CPU     T5870  @ 2.00GHz | CPU | 780/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 115.356 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&3
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&3
Service:
.
==== System Restore Points ===================
.
RP44: 11/19/2013 8:18:35 PM - Installed Java 7 Update 45
RP45: 11/22/2013 8:29:09 PM - Windows Update
RP46: 11/22/2013 9:03:25 PM - Configured TOSHIBA Supervisor Password
RP47: 11/24/2013 1:09:29 PM - Driver Booster : Intel® ICH8M 3 port Serial ATA Storage Controller - 2828
RP48: 11/27/2013 2:16:57 AM - Driver Booster : High Definition Audio Device
RP49: 11/29/2013 6:40:43 PM - Removed IObit Apps Toolbar v8.3.
RP50: 12/1/2013 12:22:52 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
7-Zip 9.09 (x64 edition)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Bonjour
Cole2k Media - Codec Pack (Advanced) 7.9.0
Combined Community Codec Pack 2009-09-09
Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC
Google Chrome
Google Update Helper
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MotoHelper MergeModules
MSXML 4.0 SP2 (KB973688)
PreReq
Rosetta Stone Version 3
Synaptics Pointing Device Driver
TOSHIBA Supervisor Password
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.3
WD SmartWare
Windows Live Messenger
WinRAR arkivering
.
==== Event Viewer Messages From Past Week ========
.
12/1/2013 1:34:20 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The system cannot find the file specified.
12/1/2013 1:32:00 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx
12/1/2013 1:31:50 AM, Error: Service Control Manager [7000]  - The Advanced SystemCare Service service failed to start due to the following error:  The system cannot find the file specified.
11/30/2013 11:06:16 PM, Error: mbamchameleon [61440]  -
11/29/2013 7:01:10 PM, Error: Service Control Manager [7034]  - The RzKLService service terminated unexpectedly.  It has done this 1 time(s).
11/29/2013 6:14:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
 

Edited by hamluis, 01 December 2013 - 04:51 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 05 December 2013 - 07:51 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Run a new scan with DDS and post the new DDS.txt log that will be created.   :)
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 


#3 Tami73

  • Topic Starter

  • Members
  • 17 posts

Posted 06 December 2013 - 10:07 AM

Thank you Jeff, here are the logs:

 

 

 
19:39:08.0869 0x0e0c  ============================================================
19:39:08.0869 0x0e0c  Current date / time: 2013/12/05 19:39:08.0869
19:39:08.0869 0x0e0c  SystemInfo:
19:39:08.0869 0x0e0c  
19:39:08.0869 0x0e0c  OS Version: 6.1.7600 ServicePack: 0.0
19:39:08.0869 0x0e0c  Product type: Workstation
19:39:08.0869 0x0e0c  ComputerName: TAMI-PC
19:39:08.0870 0x0e0c  UserName: Tammi
19:39:08.0870 0x0e0c  Windows directory: C:\Windows
19:39:08.0870 0x0e0c  System windows directory: C:\Windows
19:39:08.0870 0x0e0c  Running under WOW64
19:39:08.0870 0x0e0c  Processor architecture: Intel x64
19:39:08.0870 0x0e0c  Number of processors: 2
19:39:08.0870 0x0e0c  Page size: 0x1000
19:39:08.0870 0x0e0c  Boot type: Normal boot
19:39:08.0870 0x0e0c  ============================================================
19:39:13.0090 0x0e0c  KLMD registered as C:\Windows\system32\drivers\46155835.sys
19:39:13.0791 0x0e0c  System UUID: {16E541D5-EEF6-6990-E2DC-FEADD9C2E90A}
19:39:16.0262 0x0e0c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:16.0609 0x0e0c  Drive \Device\Harddisk2\DR2 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:39:16.0616 0x0e0c  ============================================================
19:39:16.0616 0x0e0c  \Device\Harddisk0\DR0:
19:39:16.0639 0x0e0c  MBR partitions:
19:39:16.0639 0x0e0c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:39:16.0639 0x0e0c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
19:39:16.0639 0x0e0c  \Device\Harddisk2\DR2:
19:39:16.0640 0x0e0c  MBR partitions:
19:39:16.0640 0x0e0c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEE838D
19:39:16.0640 0x0e0c  ============================================================
19:39:16.0711 0x0e0c  C: <-> \Device\Harddisk0\DR0\Partition2
19:39:16.0754 0x0e0c  ============================================================
19:39:16.0754 0x0e0c  Initialize success
19:39:16.0754 0x0e0c  ============================================================
19:39:20.0185 0x0cd0  ============================================================
19:39:20.0185 0x0cd0  Scan started
19:39:20.0185 0x0cd0  Mode: Manual; 
19:39:20.0185 0x0cd0  ============================================================
19:39:20.0186 0x0cd0  KSN ping started
19:39:23.0886 0x0cd0  KSN ping finished: true
19:39:24.0406 0x0cd0  ================ Scan system memory ========================
19:39:24.0406 0x0cd0  System memory - ok
19:39:24.0407 0x0cd0  ================ Scan services =============================
19:39:33.0884 0x0cd0  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:39:33.0996 0x0cd0  FltMgr - ok
19:39:34.0143 0x0cd0  [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache       C:\Windows\system32\FntCache.dll
19:39:34.0240 0x0cd0  FontCache - ok
19:39:34.0304 0x0cd0  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:34.0309 0x0cd0  FontCache3.0.0.0 - ok
19:39:34.0370 0x0cd0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:39:34.0387 0x0cd0  FsDepends - ok
19:39:34.0431 0x0cd0  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:39:34.0436 0x0cd0  Fs_Rec - ok
19:39:34.0464 0x0cd0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:39:34.0471 0x0cd0  gagp30kx - ok
19:39:34.0548 0x0cd0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:39:34.0558 0x0cd0  GEARAspiWDM - ok
19:39:34.0663 0x0cd0  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:39:34.0744 0x0cd0  gpsvc - ok
19:39:34.0885 0x0cd0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:34.0895 0x0cd0  gupdate - ok
19:39:34.0925 0x0cd0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:34.0931 0x0cd0  gupdatem - ok
19:39:34.0987 0x0cd0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:39:34.0991 0x0cd0  hcw85cir - ok
19:39:35.0095 0x0cd0  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:39:35.0123 0x0cd0  HdAudAddService - ok
19:39:35.0178 0x0cd0  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:39:35.0188 0x0cd0  HDAudBus - ok
19:39:35.0204 0x0cd0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:39:35.0208 0x0cd0  HidBatt - ok
19:39:35.0234 0x0cd0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:39:35.0244 0x0cd0  HidBth - ok
19:39:35.0260 0x0cd0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:39:35.0266 0x0cd0  HidIr - ok
19:39:35.0301 0x0cd0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:39:35.0307 0x0cd0  hidserv - ok
19:39:35.0337 0x0cd0  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:39:35.0341 0x0cd0  HidUsb - ok
19:39:35.0378 0x0cd0  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:39:35.0388 0x0cd0  hkmsvc - ok
19:39:35.0430 0x0cd0  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:39:35.0450 0x0cd0  HomeGroupListener - ok
19:39:35.0525 0x0cd0  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:39:35.0544 0x0cd0  HomeGroupProvider - ok
19:39:35.0573 0x0cd0  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:39:35.0580 0x0cd0  HpSAMD - ok
19:39:35.0668 0x0cd0  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:39:35.0742 0x0cd0  HTTP - ok
19:39:35.0766 0x0cd0  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:39:35.0769 0x0cd0  hwpolicy - ok
19:39:35.0802 0x0cd0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:39:35.0812 0x0cd0  i8042prt - ok
19:39:35.0909 0x0cd0  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:39:35.0948 0x0cd0  iaStorV - ok
19:39:36.0110 0x0cd0  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:36.0182 0x0cd0  idsvc - ok
19:39:37.0155 0x0cd0  [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:39:37.0980 0x0cd0  igfx - ok
19:39:38.0068 0x0cd0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:39:38.0092 0x0cd0  iirsp - ok
19:39:38.0192 0x0cd0  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
19:39:38.0266 0x0cd0  IKEEXT - ok
19:39:38.0315 0x0cd0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:39:38.0318 0x0cd0  intelide - ok
19:39:38.0367 0x0cd0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:39:38.0375 0x0cd0  intelppm - ok
19:39:38.0409 0x0cd0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:39:38.0436 0x0cd0  IPBusEnum - ok
19:39:38.0479 0x0cd0  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:38.0515 0x0cd0  IpFilterDriver - ok
19:39:38.0646 0x0cd0  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:39:38.0697 0x0cd0  iphlpsvc - ok
19:39:38.0725 0x0cd0  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:39:38.0732 0x0cd0  IPMIDRV - ok
19:39:38.0760 0x0cd0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:39:38.0769 0x0cd0  IPNAT - ok
19:39:38.0936 0x0cd0  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:39:38.0988 0x0cd0  iPod Service - ok
19:39:39.0014 0x0cd0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:39:39.0018 0x0cd0  IRENUM - ok
19:39:39.0042 0x0cd0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:39:39.0047 0x0cd0  isapnp - ok
19:39:39.0100 0x0cd0  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:39:39.0118 0x0cd0  iScsiPrt - ok
19:39:39.0148 0x0cd0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:39.0154 0x0cd0  kbdclass - ok
19:39:39.0192 0x0cd0  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:39.0214 0x0cd0  kbdhid - ok
19:39:39.0252 0x0cd0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
19:39:39.0259 0x0cd0  KeyIso - ok
19:39:39.0309 0x0cd0  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:39:39.0321 0x0cd0  KSecDD - ok
19:39:39.0370 0x0cd0  [ A8C63880EF6F4D3FEC7B616B9C060215, 036AE3ABBF991F5748C5C46E1DF62FBBC832BCDBF8C1B6E3C22A22A3703BBBCA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:39:39.0385 0x0cd0  KSecPkg - ok
19:39:39.0410 0x0cd0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:39:39.0415 0x0cd0  ksthunk - ok
19:39:39.0475 0x0cd0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:39:39.0506 0x0cd0  KtmRm - ok
19:39:39.0559 0x0cd0  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:39:39.0584 0x0cd0  LanmanServer - ok
19:39:39.0652 0x0cd0  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:39:39.0694 0x0cd0  LanmanWorkstation - ok
19:39:39.0747 0x0cd0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:39:39.0760 0x0cd0  lltdio - ok
19:39:39.0836 0x0cd0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:39:39.0881 0x0cd0  lltdsvc - ok
19:39:39.0912 0x0cd0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:39:39.0930 0x0cd0  lmhosts - ok
19:39:39.0970 0x0cd0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:39:39.0984 0x0cd0  LSI_FC - ok
19:39:40.0044 0x0cd0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:39:40.0053 0x0cd0  LSI_SAS - ok
19:39:40.0090 0x0cd0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:39:40.0097 0x0cd0  LSI_SAS2 - ok
19:39:40.0124 0x0cd0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:39:40.0134 0x0cd0  LSI_SCSI - ok
19:39:40.0161 0x0cd0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:39:40.0170 0x0cd0  luafv - ok
19:39:40.0213 0x0cd0  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:39:40.0228 0x0cd0  Mcx2Svc - ok
19:39:40.0259 0x0cd0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:39:40.0265 0x0cd0  megasas - ok
19:39:40.0311 0x0cd0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:39:40.0337 0x0cd0  MegaSR - ok
19:39:40.0437 0x0cd0  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:39:40.0452 0x0cd0  Microsoft Office Groove Audit Service - ok
19:39:40.0498 0x0cd0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:39:40.0507 0x0cd0  MMCSS - ok
19:39:40.0529 0x0cd0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:39:40.0535 0x0cd0  Modem - ok
19:39:40.0580 0x0cd0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:39:40.0585 0x0cd0  monitor - ok
19:39:40.0620 0x0cd0  MotDev - ok
19:39:40.0644 0x0cd0  motmodem - ok
19:39:40.0691 0x0cd0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:39:40.0707 0x0cd0  mouclass - ok
19:39:40.0737 0x0cd0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:39:40.0742 0x0cd0  mouhid - ok
19:39:40.0773 0x0cd0  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:39:40.0782 0x0cd0  mountmgr - ok
19:39:40.0909 0x0cd0  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:39:40.0929 0x0cd0  MpFilter - ok
19:39:40.0979 0x0cd0  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:39:40.0992 0x0cd0  mpio - ok
19:39:41.0021 0x0cd0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:39:41.0029 0x0cd0  mpsdrv - ok
19:39:41.0124 0x0cd0  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:39:41.0240 0x0cd0  MpsSvc - ok
19:39:41.0292 0x0cd0  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:39:41.0306 0x0cd0  MRxDAV - ok
19:39:41.0379 0x0cd0  [ B7F3D2C40BDF8FFB73EBFB19C77734E2, 8B433FB72BD298324C84A81459B8154F6C98584F5199D4BDF8CDEC7C380B4764 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:41.0392 0x0cd0  mrxsmb - ok
19:39:41.0445 0x0cd0  [ 86C6F88B5168CE21CF8D69D0B3FF5D19, 2DE66D1CD53DCB7995F45E0AE2BBAB12BAA2A10BEBDB0039E617A28BABB9C02E ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:41.0477 0x0cd0  mrxsmb10 - ok
19:39:41.0519 0x0cd0  [ B081069251C8E9F42CB8769D07148F9C, 68F531D7F86AC741FF263395C722E8DDABA60CD401A2F5F89D8B01030015A6F0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:41.0532 0x0cd0  mrxsmb20 - ok
19:39:41.0565 0x0cd0  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:39:41.0569 0x0cd0  msahci - ok
19:39:41.0599 0x0cd0  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:39:41.0611 0x0cd0  msdsm - ok
19:39:41.0647 0x0cd0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:39:41.0662 0x0cd0  MSDTC - ok
19:39:41.0698 0x0cd0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:39:41.0706 0x0cd0  Msfs - ok
19:39:41.0733 0x0cd0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:39:41.0736 0x0cd0  mshidkmdf - ok
19:39:41.0769 0x0cd0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:39:41.0772 0x0cd0  msisadrv - ok
19:39:41.0818 0x0cd0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:39:41.0834 0x0cd0  MSiSCSI - ok
19:39:41.0847 0x0cd0  msiserver - ok
19:39:41.0911 0x0cd0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:39:41.0916 0x0cd0  MSKSSRV - ok
19:39:42.0006 0x0cd0  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:39:42.0009 0x0cd0  MsMpSvc - ok
19:39:42.0022 0x0cd0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:42.0027 0x0cd0  MSPCLOCK - ok
19:39:42.0040 0x0cd0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:39:42.0047 0x0cd0  MSPQM - ok
19:39:42.0122 0x0cd0  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:39:42.0151 0x0cd0  MsRPC - ok
19:39:42.0182 0x0cd0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:39:42.0187 0x0cd0  mssmbios - ok
19:39:42.0205 0x0cd0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:39:42.0208 0x0cd0  MSTEE - ok
19:39:42.0237 0x0cd0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:39:42.0241 0x0cd0  MTConfig - ok
19:39:42.0338 0x0cd0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:39:42.0349 0x0cd0  Mup - ok
19:39:42.0544 0x0cd0  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
19:39:42.0590 0x0cd0  napagent - ok
19:39:42.0714 0x0cd0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:39:42.0762 0x0cd0  NativeWifiP - ok
19:39:42.0983 0x0cd0  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:39:43.0119 0x0cd0  NDIS - ok
19:39:43.0159 0x0cd0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:39:43.0172 0x0cd0  NdisCap - ok
19:39:43.0238 0x0cd0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:43.0272 0x0cd0  NdisTapi - ok
19:39:43.0297 0x0cd0  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:43.0324 0x0cd0  Ndisuio - ok
19:39:43.0361 0x0cd0  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:43.0418 0x0cd0  NdisWan - ok
19:39:43.0451 0x0cd0  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:39:43.0458 0x0cd0  NDProxy - ok
19:39:43.0522 0x0cd0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:39:43.0556 0x0cd0  NetBIOS - ok
19:39:43.0639 0x0cd0  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:39:43.0674 0x0cd0  NetBT - ok
19:39:43.0754 0x0cd0  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
19:39:43.0760 0x0cd0  Netlogon - ok
19:39:43.0847 0x0cd0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:39:43.0879 0x0cd0  Netman - ok
19:39:44.0125 0x0cd0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:39:44.0321 0x0cd0  netprofm - ok
19:39:44.0396 0x0cd0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:39:44.0442 0x0cd0  NetTcpPortSharing - ok
19:39:47.0791 0x0cd0  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
19:39:48.0501 0x0cd0  netw5v64 - ok
19:39:48.0602 0x0cd0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:39:48.0626 0x0cd0  nfrd960 - ok
19:39:48.0835 0x0cd0  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:39:48.0886 0x0cd0  NisDrv - ok
19:39:49.0007 0x0cd0  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:39:49.0045 0x0cd0  NisSrv - ok
19:39:49.0148 0x0cd0  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:39:49.0184 0x0cd0  NlaSvc - ok
19:39:49.0209 0x0cd0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:39:49.0224 0x0cd0  Npfs - ok
19:39:49.0246 0x0cd0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:39:49.0254 0x0cd0  nsi - ok
19:39:49.0295 0x0cd0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:39:49.0300 0x0cd0  nsiproxy - ok
19:39:49.0606 0x0cd0  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC, 2A78A36A729B271FE54A54E507EBC9AD9B9D764DBCB58AC3CBB8FC76D0075391 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:39:49.0806 0x0cd0  Ntfs - ok
19:39:49.0855 0x0cd0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:39:49.0902 0x0cd0  Null - ok
19:39:50.0099 0x0cd0  [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:39:50.0123 0x0cd0  nvraid - ok
19:39:50.0167 0x0cd0  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:39:50.0184 0x0cd0  nvstor - ok
19:39:50.0249 0x0cd0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:39:50.0261 0x0cd0  nv_agp - ok
19:39:50.0379 0x0cd0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:39:50.0418 0x0cd0  odserv - ok
19:39:50.0458 0x0cd0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:39:50.0466 0x0cd0  ohci1394 - ok
19:39:50.0548 0x0cd0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:39:50.0560 0x0cd0  ose - ok
19:39:50.0673 0x0cd0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:39:50.0753 0x0cd0  p2pimsvc - ok
19:39:50.0894 0x0cd0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:39:50.0949 0x0cd0  p2psvc - ok
19:39:51.0015 0x0cd0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:39:51.0025 0x0cd0  Parport - ok
19:39:51.0053 0x0cd0  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:39:51.0061 0x0cd0  partmgr - ok
19:39:51.0115 0x0cd0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:39:51.0141 0x0cd0  PcaSvc - ok
19:39:51.0175 0x0cd0  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:39:51.0200 0x0cd0  pci - ok
19:39:51.0221 0x0cd0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:39:51.0232 0x0cd0  pciide - ok
19:40:08.0551 0x0cd0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:40:08.0784 0x0cd0  wuauserv - ok
19:40:08.0871 0x0cd0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:40:08.0880 0x0cd0  WudfPf - ok
19:40:08.0946 0x0cd0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:08.0964 0x0cd0  WUDFRd - ok
19:40:09.0000 0x0cd0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:40:09.0015 0x0cd0  wudfsvc - ok
19:40:09.0060 0x0cd0  WUSB54GSCv2.NTamd64 - ok
19:40:09.0126 0x0cd0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:40:09.0167 0x0cd0  WwanSvc - ok
19:40:09.0221 0x0cd0  ================ Scan global ===============================
19:40:09.0315 0x0cd0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:40:09.0379 0x0cd0  [ C4C551E6AB333C0EB812A3A4672E89DB, CA3DE675E85370395E46155D747B21E3EDBE35C7B9A88A0D6CB486B890EFC92D ] C:\Windows\system32\winsrv.dll
19:40:09.0427 0x0cd0  [ C4C551E6AB333C0EB812A3A4672E89DB, CA3DE675E85370395E46155D747B21E3EDBE35C7B9A88A0D6CB486B890EFC92D ] C:\Windows\system32\winsrv.dll
19:40:09.0478 0x0cd0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:40:09.0539 0x0cd0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:40:09.0569 0x0cd0  [ Global ] - ok
19:40:09.0570 0x0cd0  ================ Scan MBR ==================================
19:40:09.0589 0x0cd0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:40:10.0810 0x0cd0  \Device\Harddisk0\DR0 - ok
19:40:10.0821 0x0cd0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:40:10.0833 0x0cd0  \Device\Harddisk2\DR2 - ok
19:40:10.0834 0x0cd0  ================ Scan VBR ==================================
19:40:10.0876 0x0cd0  [ 156D442DF9CD6223EC24D3424B76F49F ] \Device\Harddisk0\DR0\Partition1
19:40:10.0880 0x0cd0  \Device\Harddisk0\DR0\Partition1 - ok
19:40:10.0897 0x0cd0  [ AE4682D745EEBC8A246665EBDB5FB3B7 ] \Device\Harddisk0\DR0\Partition2
19:40:10.0901 0x0cd0  \Device\Harddisk0\DR0\Partition2 - ok
19:40:10.0911 0x0cd0  [ F601E3DD90A3CA4E43072EAFB4B1EB36 ] \Device\Harddisk2\DR2\Partition1
19:40:10.0916 0x0cd0  \Device\Harddisk2\DR2\Partition1 - ok
19:40:10.0917 0x0cd0  Waiting for KSN requests completion. In queue: 191
19:40:11.0917 0x0cd0  Waiting for KSN requests completion. In queue: 191
19:40:12.0917 0x0cd0  Waiting for KSN requests completion. In queue: 191
19:40:13.0917 0x0cd0  Waiting for KSN requests completion. In queue: 191
19:40:17.0358 0x0cd0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
19:40:17.0759 0x0cd0  Win FW state via NFP2: enabled
19:40:21.0374 0x0cd0  ============================================================
19:40:21.0374 0x0cd0  Scan finished
19:40:21.0374 0x0cd0  ============================================================
19:40:21.0406 0x0d00  Detected object count: 0
19:40:21.0406 0x0d00  Actual detected object count: 0
19:42:43.0957 0x0fb4  Deinitialize success
 
 
 
# AdwCleaner v3.014 - Report created 06/12/2013 at 02:20:30
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Tammi - TAMI-PC
# Running from : C:\Users\Tammi\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16912
 
 
-\\ Mozilla Firefox v9.0.1 (en-US)
 
[ File : C:\Users\Tammi\AppData\Roaming\Mozilla\Firefox\Profiles\9tseu6xi.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Tammi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [29325 octets] - [05/12/2013 11:04:52]
AdwCleaner[R1].txt - [376 octets] - [05/12/2013 13:30:52]
AdwCleaner[R2].txt - [1057 octets] - [06/12/2013 02:15:20]
AdwCleaner[S0].txt - [29796 octets] - [05/12/2013 13:07:25]
AdwCleaner[S1].txt - [980 octets] - [06/12/2013 02:20:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1039 octets] ##########
  Thanks again!


#4 jeffce

Malware Response Team

Posted 06 December 2013 - 10:55 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 jeffce

Posted 08 December 2013 - 12:23 PM

Still here?




#6 Tami73

Topic Starter

Posted 09 December 2013 - 11:00 AM

Jeff, 

 

Thank you so much, here is the log generated by ComboFix:

ComboFix 13-12-08.01 - Tammi 12/09/2013   8:38.1.2 - x64

Microsoft Windows 7 GAMER™ 2010   6.1.7600.0.1252.1.1033.18.4086.2806 [GMT -7:00]
Running from: c:\users\Tammi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-09 to 2013-12-09  )))))))))))))))))))))))))))))))
.
.
2013-12-09 15:50 . 2013-12-09 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-08 18:03 . 2013-11-08 02:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0A8F4F3-05CD-4CCB-87CD-C9D18222FBA7}\mpengine.dll
2013-12-08 07:10 . 2013-11-08 02:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-07 05:54 . 2013-12-04 19:36 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-07 05:54 . 2013-12-04 19:36 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3AFA3C-2B05-4E51-A9B9-203961D61840}\gapaengine.dll
2013-12-07 05:36 . 2013-12-07 05:37 -------- d-----w- c:\program files (x86)\GUM66D4.tmp
2013-12-07 05:36 . 2013-12-07 05:36 49940480 ----a-w- c:\program files (x86)\GUT66D5.tmp
2013-12-06 02:45 . 2013-12-06 02:46 -------- d-----w- c:\users\Tammi\AppData\Roaming\HOSTS Anti-Adwares
2013-12-06 02:45 . 2013-12-06 02:45 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-05 18:03 . 2013-12-06 09:21 -------- d-----w- C:\AdwCleaner
2013-12-05 17:59 . 2013-12-05 17:59 -------- d-----w- C:\FRST
2013-12-04 19:37 . 2013-12-04 19:36 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BFBABAC-A162-40A4-81F1-537188A1BB28}\gapaengine.dll
2013-12-04 19:29 . 2013-12-04 19:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-12-04 19:29 . 2013-12-04 19:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-04 19:29 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-04 19:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2013-12-03 16:50 . 2013-12-03 17:10 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2013-12-01 07:23 . 2013-12-01 07:23 -------- d-----w- C:\inetpub
2013-12-01 05:47 . 2013-12-01 06:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-01 05:31 . 2013-12-01 05:31 -------- d-----w- c:\users\Tammi\AppData\Roaming\Malwarebytes
2013-12-01 05:31 . 2013-12-01 05:31 -------- d-----w- c:\programdata\Malwarebytes
2013-12-01 05:31 . 2013-12-01 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-27 09:26 . 2013-12-01 05:03 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-11-24 08:24 . 2013-11-30 02:01 -------- d-----w- c:\programdata\Razer
2013-11-24 05:55 . 2013-11-24 05:55 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-24 05:54 . 2013-12-01 19:55 -------- d-----w- c:\programdata\ProductData
2013-11-24 05:52 . 2013-12-01 19:55 -------- d-----w- c:\programdata\IObit
2013-11-24 05:46 . 2013-11-24 05:46 -------- d-----w- c:\users\Tammi\AppData\Local\Programs
2013-11-22 16:24 . 2013-11-22 17:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-20 03:20 . 2013-11-20 03:20 -------- d-----w- c:\programdata\Oracle
2013-11-20 03:20 . 2013-11-20 03:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-20 03:19 . 2013-11-20 03:19 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-20 03:19 . 2013-11-20 03:19 -------- d-----w- c:\program files (x86)\Java
2013-11-19 22:59 . 2013-11-19 22:59 -------- d-----w- c:\programdata\McAfee
2013-11-13 20:13 . 2013-11-22 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-13 20:13 . 2013-11-22 16:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-10 03:50 . 2013-11-10 03:50 -------- d-----w- c:\users\Tammi\AppData\Roaming\DivX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 17:26 . 2012-01-02 05:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-14 12:52 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 19:55 . 2009-10-14 12:51 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-10 04:01 . 2012-01-11 07:17 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-09-27 16:53 . 2013-09-27 16:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 16:53 . 2013-09-27 16:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;f:\ascservice.exe;f:\ASCService.exe [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter  with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\WUSB54GSCV2_AMD64.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 17:50 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 17:28]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:21]
.
2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"HOSTS Anti Adwares"="schtasks.exe" [2009-07-14 284672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tammi\AppData\Roaming\Mozilla\Firefox\Profiles\9tseu6xi.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.AVI.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.Matroska.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.MP4.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.OGM.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-09  08:56:22
ComboFix-quarantined-files.txt  2013-12-09 15:56
.
Pre-Run: 124,874,776,576 bytes free
Post-Run: 125,930,442,752 bytes free
.
- - End Of File - - 9C34EC99C1CC17A1A594E7551A155BB0
A36C5E4F47E84449FF07ED3517B43A31
 
 
Thank you again, 
Tami


#7 jeffce

Posted 09 December 2013 - 11:39 AM

Do you use this computer to connect to work or school by chance or do you have it set to run from a proxy server?




#8 Tami73

Posted 09 December 2013 - 11:54 AM

I only use it at home, I don't connect to other networks


Edited by Tami73, 09 December 2013 - 06:55 PM.


#9 jeffce

Posted 10 December 2013 - 07:49 AM

Ok thanks for letting me know.  Sorry for any delay...I have been having finals in school. 
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uInternet Settings,ProxyOverride = *.local;192.168.*.*

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running.  :)




#10 Tami73

Posted 10 December 2013 - 01:57 PM

Thanks again Jeff! Here is the latest log (BTW Yahoo is still opening when I open Chrome)-

 

ComboFix 13-12-10.01 - Tammi 12/10/2013  10:51:40.3.2 - x64
Microsoft Windows 7 GAMER™ 2010   6.1.7600.0.1252.1.1033.18.4086.611 [GMT -7:00]
Running from: c:\users\Tammi\Desktop\ComboFix.exe
Command switches used :: c:\users\Tammi\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-10 to 2013-12-10  )))))))))))))))))))))))))))))))
.
.
2013-12-10 18:47 . 2013-12-10 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-09 21:37 . 2013-11-08 02:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08490532-88FC-4AA3-85A3-E34F4E2031A0}\mpengine.dll
2013-12-08 18:03 . 2013-11-08 02:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-07 05:54 . 2013-12-04 19:36 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-07 05:54 . 2013-12-04 19:36 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3AFA3C-2B05-4E51-A9B9-203961D61840}\gapaengine.dll
2013-12-07 05:36 . 2013-12-07 05:37 -------- d-----w- c:\program files (x86)\GUM66D4.tmp
2013-12-07 05:36 . 2013-12-07 05:36 49940480 ----a-w- c:\program files (x86)\GUT66D5.tmp
2013-12-06 02:45 . 2013-12-06 02:46 -------- d-----w- c:\users\Tammi\AppData\Roaming\HOSTS Anti-Adwares
2013-12-06 02:45 . 2013-12-06 02:45 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-05 18:03 . 2013-12-06 09:21 -------- d-----w- C:\AdwCleaner
2013-12-05 17:59 . 2013-12-05 17:59 -------- d-----w- C:\FRST
2013-12-04 19:29 . 2013-12-04 19:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-12-04 19:29 . 2013-12-04 19:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-12-04 19:29 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-12-04 19:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2013-12-03 16:50 . 2013-12-03 17:10 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2013-12-01 07:23 . 2013-12-01 07:23 -------- d-----w- C:\inetpub
2013-12-01 05:47 . 2013-12-01 06:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-01 05:31 . 2013-12-01 05:31 -------- d-----w- c:\users\Tammi\AppData\Roaming\Malwarebytes
2013-12-01 05:31 . 2013-12-01 05:31 -------- d-----w- c:\programdata\Malwarebytes
2013-12-01 05:31 . 2013-12-01 19:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-27 09:26 . 2013-12-01 05:03 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-11-24 08:24 . 2013-11-30 02:01 -------- d-----w- c:\programdata\Razer
2013-11-24 05:55 . 2013-11-24 05:55 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-24 05:54 . 2013-12-01 19:55 -------- d-----w- c:\programdata\ProductData
2013-11-24 05:52 . 2013-12-01 19:55 -------- d-----w- c:\programdata\IObit
2013-11-24 05:46 . 2013-11-24 05:46 -------- d-----w- c:\users\Tammi\AppData\Local\Programs
2013-11-22 16:24 . 2013-11-22 17:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-20 03:20 . 2013-11-20 03:20 -------- d-----w- c:\programdata\Oracle
2013-11-20 03:20 . 2013-11-20 03:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-20 03:19 . 2013-11-20 03:19 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-20 03:19 . 2013-11-20 03:19 -------- d-----w- c:\program files (x86)\Java
2013-11-19 22:59 . 2013-11-19 22:59 -------- d-----w- c:\programdata\McAfee
2013-11-13 20:13 . 2013-11-22 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-13 20:13 . 2013-11-22 16:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 17:26 . 2012-01-02 05:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-14 12:52 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 19:55 . 2009-10-14 12:51 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-10 04:01 . 2012-01-11 07:17 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-09-27 16:53 . 2013-09-27 16:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 16:53 . 2013-09-27 16:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;f:\ascservice.exe;f:\ASCService.exe [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter  with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\WUSB54GSCV2_AMD64.sys [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 17:50 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 17:28]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:21]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"HOSTS Anti Adwares"="schtasks.exe" [2009-07-14 284672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tammi\AppData\Roaming\Mozilla\Firefox\Profiles\9tseu6xi.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.AVI.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.Matroska.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.MP4.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="CCCP.MPC.OGM.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-10  11:53:20
ComboFix-quarantined-files.txt  2013-12-10 18:53
ComboFix2.txt  2013-12-09 15:56
.
Pre-Run: 125,643,399,168 bytes free
Post-Run: 125,589,184,512 bytes free
.
- - End Of File - - 38C77ED61B06F73E940492FFA86F097A
A36C5E4F47E84449FF07ED3517B43A31


#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 10 December 2013 - 04:11 PM

Other than Yahoo opening in Chrome, how is everything else working? :)


 


#12 Tami73

Tami73
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Local time:09:21 PM

Posted 10 December 2013 - 06:15 PM

Still really slow, I can't really tell that anything has changed. Sorry and thank you for all of your work so far!



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:21 PM

Posted 10 December 2013 - 10:17 PM

Ok.....thanks for letting me know. 
 
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#14 Tami73

Tami73
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Local time:09:21 PM

Posted 12 December 2013 - 01:08 AM

Jeff, 

 

Thanks again for all of your help! After I ran Malwarebytes (it didn't give me an option to update or run a quick scan) I cannot find the log, BUT Chrome opened without the Yahoo spigot tab! I am going to run ESET now.



#15 Tami73

Tami73
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Local time:09:21 PM

Posted 12 December 2013 - 05:04 AM

Restarted again and still have the spigot Yahoo tab, and ESET came up clean. No difference in performance either... Could it be a registry error or maybe a rootkit?

 

Thanks again and sorry for the bad news.





