
Infected with Scorpion Saver


  • This topic is locked
59 replies to this topic

#1 Hal06


Posted 09 December 2013 - 08:13 PM

Hello. I was infected with Scorpion Saver and Babylon Object Installer. I worked with kind folks on this forum and eliminated them. Now they are back. I followed the DDS Preparation Guide.


dds.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Harold at 20:03:34 on 2013-12-09
Microsoft® Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.3998.1503 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Harold\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AutoTask\AutoTask.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\splwow64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {D25B97E9-62B2-40CE-BECF-E43A7B879072} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google Update] "C:\Users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Amazon Cloud Player] "C:\Users\Harold\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{B5721F26-C630-40E5-B604-6E21378BE421} : DHCPNameServer = 10.0.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Users\Harold\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Harold\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: !HIDDEN! 2010-01-25 21:18; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-24 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [2008-6-27 89088]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-25 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-7-1 341328]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-1 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-6-4 129536]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-25 25928]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-1 4730368]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-23 16:06:56    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 16:06:55    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-14 08:02:45    82896128    ----a-w-    C:\Windows\System32\mrt.exe
2013-10-13 15:58:41    17847296    ----a-w-    C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-13 14:46:53    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27    237056    ----a-w-    C:\Windows\System32\url.dll
2013-10-13 14:44:28    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-10-13 14:42:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-10-13 10:42:12    12344832    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03    1104896    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42    462848    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21    781824    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57    596480    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 11:46:52    264616    ----a-w-    C:\Windows\SysWow64\javaws.exe
2013-10-08 11:46:47    175016    ----a-w-    C:\Windows\SysWow64\javaw.exe
2013-10-08 11:46:23    174504    ----a-w-    C:\Windows\SysWow64\java.exe
2013-10-03 15:03:41    389632    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58    1278976    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36    304128    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-09-27 14:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 14:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 20:04:32.85 ===============

Edited by boopme, 09 December 2013 - 09:32 PM.




#2 jeffce

  • Malware Response Team

Posted 12 December 2013 - 08:34 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 Hal06


Posted 14 December 2013 - 12:45 PM

TDSSKiller: No Threats.

 

12:41:11.0339 0x199c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:41:15.0158 0x199c  ============================================================
12:41:15.0158 0x199c  Current date / time: 2013/12/14 12:41:15.0158
12:41:15.0159 0x199c  SystemInfo:
12:41:15.0159 0x199c  
12:41:15.0159 0x199c  OS Version: 6.0.6002 ServicePack: 2.0
12:41:15.0159 0x199c  Product type: Workstation
12:41:15.0159 0x199c  ComputerName: HAROLD-PC
12:41:15.0161 0x199c  UserName: Harold
12:41:15.0161 0x199c  Windows directory: C:\Windows
12:41:15.0161 0x199c  System windows directory: C:\Windows
12:41:15.0161 0x199c  Running under WOW64
12:41:15.0161 0x199c  Processor architecture: Intel x64
12:41:15.0161 0x199c  Number of processors: 2
12:41:15.0161 0x199c  Page size: 0x1000
12:41:15.0161 0x199c  Boot type: Normal boot
12:41:15.0161 0x199c  ============================================================
12:41:16.0455 0x199c  KLMD registered as C:\Windows\system32\drivers\26745530.sys
12:41:16.0963 0x199c  System UUID: {C6A9F494-A6CF-9AC7-7C7B-578297D5733F}
12:41:17.0969 0x199c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:17.0976 0x199c  ============================================================
12:41:17.0976 0x199c  \Device\Harddisk0\DR0:
12:41:17.0976 0x199c  MBR partitions:
12:41:17.0976 0x199c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB807C1
12:41:17.0976 0x199c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB80800, BlocksNum 0x1643800
12:41:17.0976 0x199c  ============================================================
12:41:17.0990 0x199c  C: <-> \Device\Harddisk0\DR0\Partition1
12:41:18.0145 0x199c  D: <-> \Device\Harddisk0\DR0\Partition2
12:41:18.0145 0x199c  ============================================================
12:41:18.0145 0x199c  Initialize success
12:41:18.0145 0x199c  ============================================================
12:41:20.0596 0x1234  ============================================================
12:41:20.0596 0x1234  Scan started
12:41:20.0596 0x1234  Mode: Manual;
12:41:20.0596 0x1234  ============================================================
12:41:20.0596 0x1234  KSN ping started
12:41:32.0031 0x1234  KSN ping finished: true
12:41:32.0557 0x1234  ================ Scan system memory ========================
12:41:32.0557 0x1234  System memory - ok
12:41:32.0557 0x1234  ================ Scan services =============================
12:41:34.0980 0x1234  Brother XP spl Service - ok
12:41:35.0013 0x1234  [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser         C:\Windows\System32\browser.dll
12:41:35.0016 0x1234  Browser - ok
12:41:35.0048 0x1234  [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
12:41:35.0051 0x1234  Brserid - ok
12:41:35.0080 0x1234  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:41:35.0082 0x1234  BrSerWdm - ok
12:41:35.0113 0x1234  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:41:35.0115 0x1234  BrUsbMdm - ok
12:41:35.0131 0x1234  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
12:41:35.0132 0x1234  BrUsbSer - ok
12:41:35.0188 0x1234  [ 09F926A0D9C0BAFD8417A4307D2ED13C, 9C86FB0E328D3E14DC6A1BD64CB0E6E61D8DA437FF51399FD87DCA70FDC96C01 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:41:35.0190 0x1234  BthEnum - ok
12:41:35.0216 0x1234  [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:41:35.0219 0x1234  BTHMODEM - ok
12:41:35.0257 0x1234  [ BEFC5311736B475AC5B60C14FF7C775A, 8B9BF5486B09E10361E8C412481E684CD1B03B5C06023AD9B7C29553D51F0455 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:41:35.0262 0x1234  BthPan - ok
12:41:35.0330 0x1234  [ E1466882252FF51EDDE48C3F7EDA2591, BBF7B234BC3EB5CB56C6EA502E89C5EF29EC51466E6BE15ECFE49831E2406143 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:41:35.0358 0x1234  BTHPORT - ok
12:41:35.0406 0x1234  [ 22E65FFD640F16968F855F5B3528D366, 6EF7FC170E2533BD7BFF0125391757E27E3D5F05EDE1A986E4295CDCD2D9B197 ] BthServ         C:\Windows\System32\bthserv.dll
12:41:35.0409 0x1234  BthServ - ok
12:41:35.0461 0x1234  [ 970192CDED77A128E7E30722E5EE6B9C, 5302B4D1E7A430D1BE9B8ECEED3AAC8095326AFF0226BEDB56CF061CF27BE679 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:41:35.0463 0x1234  BTHUSB - ok
12:41:35.0499 0x1234  [ 5C73E29F176A0A258EF2D339C1BD9E3E, EAEA43A491AA59C94532BD53BB119D42693D119B8D31317FA00BCCAE1A4A73CC ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:41:35.0504 0x1234  btwaudio - ok
12:41:35.0535 0x1234  [ 73B4341807E3398DAC73102E4709ECB0, 37F2F1DCE4A945D5C3C321AE327F6E5B5194F9D39BEAC42BB235EAA2919D8A1D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
12:41:35.0540 0x1234  btwavdt - ok
12:41:35.0565 0x1234  [ DA0386AED062087147A4A9E09A23F6F1, CCA2DC854D2F612AF6FCF7D86516FC6560AC83D5B717566005ECFC89AB4AA016 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:41:35.0566 0x1234  btwrchid - ok
12:41:35.0969 0x1234  [ 4A73F48C5528CB6E872D418535A6D3E0, C8F12CA37E89EABD6E4C65A8CD4A4512AD0008FAC459C10BF8317D983DDC1282 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
12:41:36.0270 0x1234  CarboniteService - ok
12:41:36.0307 0x1234  [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:41:36.0311 0x1234  cdfs - ok
12:41:36.0369 0x1234  [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:41:36.0372 0x1234  cdrom - ok
12:41:36.0424 0x1234  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:41:36.0426 0x1234  CertPropSvc - ok
12:41:36.0438 0x1234  [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:41:36.0440 0x1234  circlass - ok
12:41:36.0493 0x1234  [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS            C:\Windows\system32\CLFS.sys
12:41:36.0505 0x1234  CLFS - ok
12:41:36.0551 0x1234  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:36.0555 0x1234  clr_optimization_v2.0.50727_32 - ok
12:41:36.0635 0x1234  [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:41:36.0639 0x1234  clr_optimization_v2.0.50727_64 - ok
12:41:36.0746 0x1234  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:41:36.0751 0x1234  clr_optimization_v4.0.30319_32 - ok
12:41:36.0811 0x1234  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:41:36.0816 0x1234  clr_optimization_v4.0.30319_64 - ok
12:41:36.0853 0x1234  [ B52D9A14CE4101577900A364BA86F3DF, A8AA928DDF5FE3861973D4EA03A5B700E99138236F1E8FF594293B9705BF470C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:41:36.0855 0x1234  CmBatt - ok
12:41:36.0863 0x1234  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:41:36.0866 0x1234  cmdide - ok
12:41:36.0955 0x1234  [ A94146208170D78906C93EE39CEBDD9F, 54B0091593E2E014AD97FED1B715A71722C6B16B454C03F13E88B8423306AB79 ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:41:36.0962 0x1234  Com4QLBEx - ok
12:41:36.0977 0x1234  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:41:36.0978 0x1234  Compbatt - ok
12:41:36.0983 0x1234  COMSysApp - ok
12:41:36.0994 0x1234  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:41:36.0996 0x1234  crcdisk - ok
12:41:37.0049 0x1234  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:41:37.0055 0x1234  CryptSvc - ok
12:41:37.0141 0x1234  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:41:37.0167 0x1234  DcomLaunch - ok
12:41:37.0228 0x1234  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:41:37.0279 0x1234  DfsC - ok
12:41:37.0462 0x1234  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
12:41:37.0617 0x1234  DFSR - ok
12:41:37.0732 0x1234  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:41:37.0740 0x1234  Dhcp - ok
12:41:37.0791 0x1234  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
12:41:37.0794 0x1234  disk - ok
12:41:37.0834 0x1234  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:41:37.0838 0x1234  Dnscache - ok
12:41:37.0900 0x1234  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
12:41:37.0908 0x1234  dot3svc - ok
12:41:37.0955 0x1234  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
12:41:37.0960 0x1234  DPS - ok
12:41:37.0996 0x1234  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:41:38.0006 0x1234  drmkaud - ok
12:41:38.0087 0x1234  [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:41:38.0114 0x1234  DXGKrnl - ok
12:41:38.0164 0x1234  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
12:41:38.0170 0x1234  E1G60 - ok
12:41:38.0217 0x1234  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
12:41:38.0220 0x1234  EapHost - ok
12:41:38.0282 0x1234  [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:41:38.0288 0x1234  Ecache - ok
12:41:38.0378 0x1234  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:41:38.0390 0x1234  ehRecvr - ok
12:41:38.0409 0x1234  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
12:41:38.0415 0x1234  ehSched - ok
12:41:38.0425 0x1234  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:41:38.0426 0x1234  ehstart - ok
12:41:38.0461 0x1234  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:41:38.0473 0x1234  elxstor - ok
12:41:38.0653 0x1234  [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:41:38.0665 0x1234  EMDMgmt - ok
12:41:38.0697 0x1234  [ 3A70DC8951B995C73A22B9A23210833E, AA68F31BDFD868AE2CA3FDFB47316C024FB04042038851A018703E5A5EC59323 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
12:41:38.0712 0x1234  enecir - ok
12:41:38.0740 0x1234  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:41:38.0741 0x1234  ErrDev - ok
12:41:38.0828 0x1234  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
12:41:38.0847 0x1234  EventSystem - ok
12:41:38.0893 0x1234  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:41:38.0899 0x1234  exfat - ok
12:41:38.0960 0x1234  [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:41:39.0092 0x1234  fastfat - ok
12:41:39.0127 0x1234  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:41:39.0224 0x1234  fdc - ok
12:41:39.0252 0x1234  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:41:39.0393 0x1234  fdPHost - ok
12:41:39.0444 0x1234  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:41:39.0468 0x1234  FDResPub - ok
12:41:39.0505 0x1234  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:41:39.0508 0x1234  FileInfo - ok
12:41:39.0540 0x1234  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:41:39.0545 0x1234  Filetrace - ok
12:41:39.0571 0x1234  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:41:39.0576 0x1234  flpydisk - ok
12:41:39.0628 0x1234  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:41:39.0806 0x1234  FltMgr - ok
12:41:40.0017 0x1234  [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache       C:\Windows\system32\FntCache.dll
12:41:40.0058 0x1234  FontCache - ok
12:41:40.0154 0x1234  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:41:40.0157 0x1234  FontCache3.0.0.0 - ok
12:41:40.0206 0x1234  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:41:40.0207 0x1234  Fs_Rec - ok
12:41:40.0235 0x1234  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:41:40.0239 0x1234  gagp30kx - ok
12:41:40.0314 0x1234  [ 6139AE70E943B2A57AD04B70A316C0A0, D062AE2E7BABE70BDF28AFDF860F5D3AE4C16D042919CB5A4E935A765495D6A5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
12:41:40.0402 0x1234  GameConsoleService - ok
12:41:40.0472 0x1234  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:41:40.0508 0x1234  GEARAspiWDM - ok
12:41:40.0577 0x1234  [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
12:41:40.0596 0x1234  gfibto - ok
12:41:40.0673 0x1234  [ 8F6AE606EB0CC884EE12C41948424422, 4AC74E18D197E31F50A7CB9AE17F6BD1EAA701DA1EC5ABDCBB2858AB0AEDC345 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
12:41:40.0675 0x1234  GoToAssist - ok
12:41:40.0786 0x1234  [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:41:40.0815 0x1234  gpsvc - ok
12:41:40.0924 0x1234  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:41:40.0937 0x1234  gupdate - ok
12:41:40.0945 0x1234  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:41:40.0949 0x1234  gupdatem - ok
12:41:41.0010 0x1234  [ DF45F8142DC6DF9D18C39B3EFFBD0409, E0F04525530FF403C5A34B7E9A03CDE70B7BACE12E2E50103554E92AF374BD09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:41:41.0022 0x1234  HdAudAddService - ok
12:41:41.0152 0x1234  [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:41:41.0230 0x1234  HDAudBus - ok
12:41:41.0256 0x1234  [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:41:41.0267 0x1234  HidBth - ok
12:41:41.0286 0x1234  [ 5F47839455D01FF6403B008D481A6F5B, 0CC1E8EE4C3E46937DEA39EAC2498C1A89667D6828430162FDFAE845C37D7079 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:41:41.0288 0x1234  HidIr - ok
12:41:41.0338 0x1234  [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv         C:\Windows\system32\hidserv.dll
12:41:41.0347 0x1234  hidserv - ok
12:41:41.0366 0x1234  [ D02C82CB3A20F391C8AEFF94E8E0BAA1, A540FC4EDDBA899CDABD43FCD5FA0F3EC5BD9DA40BF0CCD796421EA1AF77184A ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:41:41.0367 0x1234  HidUsb - ok
12:41:41.0399 0x1234  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:41:41.0404 0x1234  hkmsvc - ok
12:41:41.0467 0x1234  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
12:41:41.0472 0x1234  HP Health Check Service - ok
12:41:41.0498 0x1234  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:41:41.0501 0x1234  HpCISSs - ok
12:41:41.0528 0x1234  [ 4A435CA815A54639CA09DDF75D751EBC, CD6FA4B12EB4E692B0860C5750F9FB27CD1A108FD69E301EC162BC05C7B71D26 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
12:41:41.0530 0x1234  hpdskflt - ok
12:41:41.0554 0x1234  [ 0ECC54FD34D6A089C300846B011E81D6, 7C3F04575370912D0DB048B386D018C9F81786E4458FEFE79C19182CFA6386C0 ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:41:41.0556 0x1234  HpqKbFiltr - ok
12:41:41.0588 0x1234  [ E53D53D66D61794AF8160741946D0B43, 5110E9E67127C4E34C2F1094DD270C782C87E22B02B47BE91E3113734B33CEC5 ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
12:41:41.0590 0x1234  HpqRemHid - ok
12:41:41.0609 0x1234  [ D50FDAD1E57AA60F1973CFC77D905F0E, 50700337E984F71020BC0F714E0747A99E48711EAC590B22F3F104B3CFFDAF5B ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:41:41.0615 0x1234  hpqwmiex - ok
12:41:41.0635 0x1234  [ 6BF024EA61D7894BF4AF0B10A90B546E, 96E4BCCA63509CE089EC822BF7D63C351DCCF84BD99743E3FB8F45F6C0838844 ] hpsrv           C:\Windows\system32\Hpservice.exe
12:41:41.0638 0x1234  hpsrv - ok
12:41:41.0678 0x1234  [ 57BA73B5B321291E5114CB21350E1EA0, C7057D934D71CDF4320416E38208310B79E447B2579922CACF6F0B7D729E83F5 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:41:41.0687 0x1234  HSFHWAZL - ok
12:41:41.0883 0x1234  [ E6CD7F641916484B0141D191A390D866, 4D58A1B75AA340C89CFE8D7044823DE2851E388F9731905F0FD68E6927BC3D99 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:41:41.0934 0x1234  HSF_DPV - ok
12:41:41.0997 0x1234  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:41:42.0015 0x1234  HTTP - ok
12:41:42.0041 0x1234  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:41:42.0042 0x1234  i2omp - ok
12:41:42.0059 0x1234  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:41:42.0062 0x1234  i8042prt - ok
12:41:42.0151 0x1234  [ CB686F44BF955EA02520710A56874FA4, D898E897171B07136FCB94726AB16738C923A170B166EB5D758E404C8A6EFD0F ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:41:42.0162 0x1234  IAANTMON - ok
12:41:42.0194 0x1234  [ 8D58627FEF3F8767665D9F4DC91CBD97, 1E0C1701220A73633C53766F3BD469468135D4B97827F1659A719FCCCA34E26E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:41:42.0201 0x1234  iaStor - ok
12:41:42.0219 0x1234  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:41:42.0228 0x1234  iaStorV - ok
12:41:42.0283 0x1234  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:41:42.0287 0x1234  IDriverT - ok
12:41:42.0389 0x1234  [ 749F5F8CEDCA70F2A512945325FC489D, 443B4F779F27CD69C1F072823FCD9E5BA7590B6F48BE759DC6A1F898C467E58F ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:41:42.0422 0x1234  idsvc - ok
12:41:42.0793 0x1234  [ 663E7364F650A915D415EEB2DA98D86A, EC5BFFCBD5D13902597902CA11B61B46C616DC42E5632AB8DF08F9A723531347 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:41:43.0155 0x1234  igfx - ok
12:41:43.0201 0x1234  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:41:43.0202 0x1234  iirsp - ok
12:41:43.0269 0x1234  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
12:41:43.0283 0x1234  IKEEXT - ok
12:41:43.0327 0x1234  [ C7C9720A5B0FD2B974FC4F72E405204B, A1C28B3A267A8A4F0E81BDF9F68CBE4725C6A73A620A8C43C0D5CCBE931BA9FA ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:41:43.0344 0x1234  IntcHdmiAddService - ok
12:41:43.0359 0x1234  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\drivers\intelide.sys
12:41:43.0360 0x1234  intelide - ok
12:41:43.0369 0x1234  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:41:43.0372 0x1234  intelppm - ok
12:41:43.0507 0x1234  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
12:41:43.0509 0x1234  IntuitUpdateService - ok
12:41:43.0600 0x1234  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:41:43.0602 0x1234  IntuitUpdateServiceV4 - ok
12:41:43.0631 0x1234  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:41:43.0635 0x1234  IPBusEnum - ok
12:41:43.0690 0x1234  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:41:43.0693 0x1234  IpFilterDriver - ok
12:41:43.0720 0x1234  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:41:43.0728 0x1234  iphlpsvc - ok
12:41:43.0733 0x1234  IpInIp - ok
12:41:43.0777 0x1234  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:41:43.0780 0x1234  IPMIDRV - ok
12:41:43.0799 0x1234  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:41:43.0803 0x1234  IPNAT - ok
12:41:43.0867 0x1234  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:41:43.0891 0x1234  iPod Service - ok
12:41:43.0920 0x1234  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:41:43.0922 0x1234  IRENUM - ok
12:41:43.0955 0x1234  iSafeNetFilter - ok
12:41:43.0979 0x1234  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:41:43.0981 0x1234  isapnp - ok
12:41:44.0056 0x1234  [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:41:44.0065 0x1234  iScsiPrt - ok
12:41:44.0078 0x1234  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:41:44.0080 0x1234  iteatapi - ok
12:41:44.0111 0x1234  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:41:44.0113 0x1234  iteraid - ok
12:41:44.0123 0x1234  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:41:44.0126 0x1234  kbdclass - ok
12:41:44.0149 0x1234  [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:41:44.0151 0x1234  kbdhid - ok
12:41:44.0186 0x1234  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso          C:\Windows\system32\lsass.exe
12:41:44.0188 0x1234  KeyIso - ok
12:41:44.0253 0x1234  [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:41:44.0272 0x1234  KSecDD - ok
12:41:44.0301 0x1234  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:41:44.0303 0x1234  ksthunk - ok
12:41:44.0347 0x1234  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:41:44.0364 0x1234  KtmRm - ok
12:41:44.0428 0x1234  [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:41:44.0437 0x1234  LanmanServer - ok
12:41:44.0483 0x1234  [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:41:44.0493 0x1234  LanmanWorkstation - ok
12:41:44.0539 0x1234  [ 984ECB68ED2A2B2E6A544E87E24FBA2D, 116F40AD6C079FEEC00707E7F00FD15ACB06E3153BC735ED30B7EDCBD2A1AB4D ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:41:44.0543 0x1234  LightScribeService - ok
12:41:44.0563 0x1234  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:41:44.0567 0x1234  lltdio - ok
12:41:44.0601 0x1234  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:41:44.0614 0x1234  lltdsvc - ok
12:41:54.0253 0x1234  Tcpip - ok
12:41:54.0310 0x1234  [ EA8623BDD511A1ACD18DA4883860ADDE, A3BE60B3DBFF783111B1AD5D070F376ABFA94D61378D32EDA714E4E90043DE4D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:41:54.0356 0x1234  Tcpip6 - ok
12:41:54.0408 0x1234  [ 24D7686A4A0323FB987654BD228C1F39, 46F464BDA89944A4F1DFF61B80FE99819BD98BFF441BACCDDF0429EEB24C5E20 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:41:54.0410 0x1234  tcpipreg - ok
12:41:54.0436 0x1234  [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:41:54.0438 0x1234  TDPIPE - ok
12:41:54.0452 0x1234  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:41:54.0454 0x1234  TDTCP - ok
12:41:54.0497 0x1234  [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:41:54.0500 0x1234  tdx - ok
12:41:54.0553 0x1234  [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:41:54.0555 0x1234  TermDD - ok
12:41:54.0618 0x1234  [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService     C:\Windows\System32\termsrv.dll
12:41:54.0634 0x1234  TermService - ok
12:41:54.0668 0x1234  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes          C:\Windows\system32\shsvcs.dll
12:41:54.0678 0x1234  Themes - ok
12:41:54.0699 0x1234  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:41:54.0701 0x1234  THREADORDER - ok
12:41:54.0725 0x1234  [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks          C:\Windows\System32\trkwks.dll
12:41:54.0730 0x1234  TrkWks - ok
12:41:54.0786 0x1234  [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:41:54.0788 0x1234  TrustedInstaller - ok
12:41:54.0832 0x1234  [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:41:54.0834 0x1234  tssecsrv - ok
12:41:54.0876 0x1234  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:41:54.0878 0x1234  tunmp - ok
12:41:54.0915 0x1234  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:41:54.0917 0x1234  tunnel - ok
12:41:54.0938 0x1234  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:41:54.0941 0x1234  uagp35 - ok
12:41:54.0994 0x1234  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:41:55.0004 0x1234  udfs - ok
12:41:55.0044 0x1234  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:41:55.0047 0x1234  UI0Detect - ok
12:41:55.0076 0x1234  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:41:55.0080 0x1234  uliagpkx - ok
12:41:55.0139 0x1234  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:41:55.0151 0x1234  uliahci - ok
12:41:55.0162 0x1234  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:41:55.0169 0x1234  UlSata - ok
12:41:55.0185 0x1234  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:41:55.0195 0x1234  ulsata2 - ok
12:41:55.0202 0x1234  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:41:55.0205 0x1234  umbus - ok
12:41:55.0247 0x1234  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
12:41:55.0263 0x1234  upnphost - ok
12:41:55.0319 0x1234  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:41:55.0322 0x1234  USBAAPL64 - ok
12:41:55.0368 0x1234  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:41:55.0373 0x1234  usbccgp - ok
12:41:55.0404 0x1234  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:41:55.0408 0x1234  usbcir - ok
12:41:55.0438 0x1234  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:41:55.0441 0x1234  usbehci - ok
12:41:55.0464 0x1234  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:41:55.0475 0x1234  usbhub - ok
12:41:55.0504 0x1234  [ 540B622DA0949695C40CDC9D5D497A8B, 2390308ABE02AB169B708F05C17F753EBF2B2FEE57629CA8919E9420157A06FF ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:41:55.0506 0x1234  usbohci - ok
12:41:55.0558 0x1234  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:41:55.0560 0x1234  usbprint - ok
12:41:55.0616 0x1234  [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:41:55.0620 0x1234  usbscan - ok
12:41:55.0678 0x1234  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:41:55.0681 0x1234  USBSTOR - ok
12:41:55.0725 0x1234  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:41:55.0727 0x1234  usbuhci - ok
12:41:55.0762 0x1234  [ BF7A051DCCBA57C95541135B29CE0FB4, F3570ED5B57CB64A8222164038D53D1C2009013C50CFDE2E6105E8D4F642FEA6 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:41:55.0768 0x1234  usbvideo - ok
12:41:55.0819 0x1234  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
12:41:55.0823 0x1234  UxSms - ok
12:41:55.0885 0x1234  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
12:41:55.0899 0x1234  vds - ok
12:41:55.0935 0x1234  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:41:55.0937 0x1234  vga - ok
12:41:55.0965 0x1234  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:41:55.0967 0x1234  VgaSave - ok
12:41:55.0975 0x1234  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
12:41:55.0977 0x1234  viaide - ok
12:41:55.0994 0x1234  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:41:55.0998 0x1234  volmgr - ok
12:41:56.0115 0x1234  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:41:56.0127 0x1234  volmgrx - ok
12:41:56.0173 0x1234  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:41:56.0181 0x1234  volsnap - ok
12:41:56.0210 0x1234  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:41:56.0215 0x1234  vsmraid - ok
12:41:56.0486 0x1234  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
12:41:56.0576 0x1234  VSS - ok
12:41:56.0643 0x1234  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
12:41:56.0656 0x1234  W32Time - ok
12:41:56.0689 0x1234  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:41:56.0691 0x1234  WacomPen - ok
12:41:56.0741 0x1234  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:41:56.0744 0x1234  Wanarp - ok
12:41:56.0750 0x1234  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:41:56.0752 0x1234  Wanarpv6 - ok
12:41:56.0799 0x1234  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:41:56.0818 0x1234  wcncsvc - ok
12:41:56.0835 0x1234  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:41:56.0838 0x1234  WcsPlugInService - ok
12:41:56.0853 0x1234  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
12:41:56.0855 0x1234  Wd - ok
12:41:56.0923 0x1234  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
12:41:56.0924 0x1234  WDC_SAM - ok
12:41:57.0007 0x1234  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:41:57.0033 0x1234  Wdf01000 - ok
12:41:57.0050 0x1234  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:41:57.0055 0x1234  WdiServiceHost - ok
12:41:57.0062 0x1234  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:41:57.0066 0x1234  WdiSystemHost - ok
12:41:57.0084 0x1234  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient       C:\Windows\System32\webclnt.dll
12:41:57.0094 0x1234  WebClient - ok
12:41:57.0149 0x1234  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:41:57.0158 0x1234  Wecsvc - ok
12:41:57.0191 0x1234  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:41:57.0196 0x1234  wercplsupport - ok
12:41:57.0214 0x1234  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:41:57.0220 0x1234  WerSvc - ok
12:41:57.0396 0x1234  [ B5C348B265178FB9EE55ADDB3929485D, 17DEC543FC483A7EE8432E09579DA68CEEDA0FDD86DBC5A6A20277FE9143EDB5 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:41:57.0419 0x1234  winachsf - ok
12:41:57.0434 0x1234  WinDefend - ok
12:41:57.0439 0x1234  WinHttpAutoProxySvc - ok
12:41:57.0508 0x1234  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:41:57.0519 0x1234  Winmgmt - ok
12:41:57.0701 0x1234  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
12:41:57.0815 0x1234  WinRM - ok
12:41:57.0894 0x1234  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:41:57.0920 0x1234  Wlansvc - ok
12:41:57.0945 0x1234  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:41:57.0947 0x1234  WmiAcpi - ok
12:41:58.0003 0x1234  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:41:58.0012 0x1234  wmiApSrv - ok
12:41:58.0030 0x1234  WMPNetworkSvc - ok
12:41:58.0060 0x1234  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:41:58.0069 0x1234  WPCSvc - ok
12:41:58.0126 0x1234  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:41:58.0132 0x1234  WPDBusEnum - ok
12:41:58.0179 0x1234  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:41:58.0182 0x1234  WpdUsb - ok
12:41:58.0432 0x1234  [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:41:58.0470 0x1234  WPFFontCache_v0400 - ok
12:41:58.0496 0x1234  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:41:58.0498 0x1234  ws2ifsl - ok
12:41:58.0546 0x1234  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:41:58.0551 0x1234  wscsvc - ok
12:41:58.0556 0x1234  WSearch - ok
12:41:58.0711 0x1234  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:41:58.0833 0x1234  wuauserv - ok
12:41:58.0913 0x1234  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:41:58.0917 0x1234  WudfPf - ok
12:41:58.0936 0x1234  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:41:58.0944 0x1234  WUDFRd - ok
12:41:58.0962 0x1234  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:41:58.0968 0x1234  wudfsvc - ok
12:41:58.0980 0x1234  ================ Scan global ===============================
12:41:59.0017 0x1234  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
12:41:59.0077 0x1234  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
12:41:59.0105 0x1234  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
12:41:59.0170 0x1234  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
12:41:59.0183 0x1234  [ Global ] - ok
12:41:59.0183 0x1234  ================ Scan MBR ==================================
12:41:59.0202 0x1234  [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
12:41:59.0451 0x1234  \Device\Harddisk0\DR0 - ok
12:41:59.0451 0x1234  ================ Scan VBR ==================================
12:41:59.0454 0x1234  [ 51A7B43FD20B7AE0E61E73857CB831AE ] \Device\Harddisk0\DR0\Partition1
12:41:59.0455 0x1234  \Device\Harddisk0\DR0\Partition1 - ok
12:41:59.0458 0x1234  [ FD5AB1811B6E9C6C32EAB5BD51208154 ] \Device\Harddisk0\DR0\Partition2
12:41:59.0461 0x1234  \Device\Harddisk0\DR0\Partition2 - ok
12:41:59.0462 0x1234  Waiting for KSN requests completion. In queue: 66
12:42:00.0480 0x1234  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
12:42:00.0487 0x1234  Win FW state via NFP2: enabled
12:42:00.0811 0x1234  ============================================================
12:42:00.0811 0x1234  Scan finished
12:42:00.0811 0x1234  ============================================================
12:42:00.0833 0x11dc  Detected object count: 0
12:42:00.0834 0x11dc  Actual detected object count: 0
 



#4 Hal06

  • Topic Starter

Posted 14 December 2013 - 03:16 PM

AdwCleaner report: (I did not remove anything yet)

 

# AdwCleaner v3.015 - Report created 14/12/2013 at 13:42:20
# Updated 10/12/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Harold - HAROLD-PC
# Running from : C:\Users\Harold\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\AdpeakProxy.ini
File Found : C:\Windows\System32\AdpeakProxyOff.ini
Folder Found C:\Program Files (x86)\outobox
Folder Found C:\Program Files (x86)\ScorpionSaver
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\WinterSoft
Folder Found C:\Users\Harold\AppData\Local\NativeMessaging

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Adpeak, Inc.
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : [x64] HKCU\Software\Adpeak, Inc.
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Found : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18763 octets] - [27/11/2013 06:58:31]
AdwCleaner[R1].txt - [4181 octets] - [14/12/2013 13:02:35]
AdwCleaner[R2].txt - [3972 octets] - [14/12/2013 13:42:20]
AdwCleaner[S0].txt - [17629 octets] - [27/11/2013 07:05:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4093 octets] ##########
 



#5 jeffce

  • Malware Response Team

Posted 14 December 2013 - 05:38 PM

Hi,
 
Good job!  Let's keep going.  :)
 
ComboFix

Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.



--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#6 Hal06

  • Topic Starter

Posted 14 December 2013 - 07:32 PM

ComboFix 13-12-13.01 - Harold 12/14/2013  19:17:51.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3998.1496 [GMT -5:00]
Running from: c:\users\Harold\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
c:\users\Harold\Documents\FAP244F.tmp
c:\users\Harold\Documents\FAP25B8.tmp
c:\users\Harold\Documents\FAP2740.tmp
c:\users\Harold\Documents\FAP3.tmp
c:\users\Harold\Documents\FAP331B.tmp
c:\users\Harold\Documents\FAP3416.tmp
c:\users\Harold\Documents\FAP3522.tmp
c:\users\Harold\Documents\FAP4E20.tmp
c:\users\Harold\Documents\FAP4F69.tmp
c:\users\Harold\Documents\FAP520A.tmp
c:\users\Harold\Documents\FAP5B0E.tmp
c:\users\Harold\Documents\FAP5BEB.tmp
c:\users\Harold\Documents\FAP5E1E.tmp
c:\users\Harold\Documents\FAP7258.tmp
c:\users\Harold\Documents\FAP7334.tmp
c:\users\Harold\Documents\FAP744F.tmp
c:\users\Harold\Documents\FAP83DB.tmp
c:\users\Harold\Documents\FAP84B8.tmp
c:\users\Harold\Documents\FAP864F.tmp
c:\users\Harold\Documents\FAPA5D8.tmp
c:\users\Harold\Documents\FAPA712.tmp
c:\users\Harold\Documents\FAPA82D.tmp
c:\users\Harold\Documents\FAPBC09.tmp
c:\users\Harold\Documents\FAPBD62.tmp
c:\users\Harold\Documents\FAPBF38.tmp
c:\users\Harold\Documents\FAPC8DB.tmp
c:\users\Harold\Documents\FAPCA15.tmp
c:\users\Harold\Documents\FAPCD52.tmp
c:\users\Harold\Documents\FAPE265.tmp
c:\users\Harold\Documents\FAPE3CE.tmp
c:\users\Harold\Documents\FAPE527.tmp
c:\users\Harold\Documents\FAPE573.tmp
c:\users\Harold\Documents\FAPE69E.tmp
c:\users\Harold\Documents\FAPE799.tmp
c:\users\Harold\Documents\FAPF0FA.tmp
c:\users\Harold\Documents\FAPF225.tmp
c:\users\Harold\Documents\FAPF41A.tmp
c:\users\Harold\Documents\FAPFAD1.tmp
c:\users\Harold\Documents\FAPFC69.tmp
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-15 to 2013-12-15  )))))))))))))))))))))))))))))))
.
.
2013-12-15 00:27 . 2013-12-15 00:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-13 22:39 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC299A98-449B-4758-895F-E75868FEAFC1}\mpengine.dll
2013-12-12 12:08 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 11:02 . 2013-10-30 02:10    2776064    ----a-w-    c:\windows\system32\win32k.sys
2013-12-12 11:02 . 2013-10-22 09:31    79360    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-12 11:02 . 2013-10-22 07:19    158208    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-12 11:02 . 2013-10-11 04:27    144384    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-12 11:02 . 2013-10-11 04:26    198656    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-12 11:02 . 2013-10-11 02:19    166912    ----a-w-    c:\windows\system32\wscript.exe
2013-12-12 11:02 . 2013-10-11 02:19    147968    ----a-w-    c:\windows\system32\cscript.exe
2013-12-12 11:02 . 2013-10-11 02:08    131072    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-12 11:02 . 2013-10-11 00:35    155648    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-12 11:02 . 2013-10-11 02:08    36864    ----a-w-    c:\windows\SysWow64\wshcon.dll
2013-12-12 11:02 . 2013-10-11 02:08    172032    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-12 11:02 . 2013-10-11 00:35    135168    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-12 11:01 . 2013-10-30 04:34    374784    ----a-w-    c:\windows\system32\SysFxUI.dll
2013-12-12 11:01 . 2013-10-30 03:55    122368    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-12 11:01 . 2013-10-30 02:33    218112    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-06 22:50 . 2013-10-18 11:07    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E36A4135-8265-4E58-9033-9090E6632C73}\gapaengine.dll
2013-12-03 11:57 . 2013-12-03 11:57    --------    d-----w-    c:\program files\iPod
2013-12-03 11:57 . 2013-12-03 11:59    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-03 11:57 . 2013-12-03 11:59    --------    d-----w-    c:\program files\iTunes
2013-12-03 11:57 . 2013-12-03 11:59    --------    d-----w-    c:\program files (x86)\iTunes
2013-12-03 00:39 . 2013-12-03 00:39    --------    d-----w-    c:\users\Harold\AppData\Local\Amazon Cloud Player
2013-11-27 12:17 . 2013-11-27 12:17    --------    d-----w-    c:\windows\ERUNT
2013-11-27 11:58 . 2013-12-14 18:42    --------    d-----w-    C:\AdwCleaner
2013-11-26 01:01 . 2013-11-26 01:01    --------    d-----w-    c:\users\Harold\AppData\Roaming\Malwarebytes
2013-11-26 00:59 . 2013-11-26 00:59    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-26 00:59 . 2013-11-26 00:59    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-26 00:59 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-23 16:12 . 2013-11-23 16:12    --------    d-----w-    c:\users\AppData
2013-11-23 16:11 . 2013-11-23 16:11    --------    d-----w-    c:\users\Harold\AppData\Local\NativeMessaging
2013-11-23 16:09 . 2013-11-23 16:09    --------    d-----w-    c:\program files (x86)\VS Revo Group
2013-11-23 16:09 . 2013-11-28 06:10    --------    d-----w-    c:\program files (x86)\outobox
2013-11-23 16:08 . 2013-12-07 14:10    --------    d-----w-    C:\temp
2013-11-23 16:08 . 2013-12-07 14:14    --------    d-----w-    c:\program files\Level Quality Watcher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 22:34 . 2012-05-05 18:56    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:34 . 2011-06-13 21:44    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2013-04-06 01:09    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 08:02 . 2006-11-02 12:35    82896128    ----a-w-    c:\windows\system32\mrt.exe
2013-10-30 04:34 . 2008-01-21 02:46    1386496    ----a-w-    c:\windows\system32\WMALFXGFXDSP.dll
2013-10-18 11:07 . 2013-07-17 21:35    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-11 04:23 . 2013-11-13 12:10    462848    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-11 04:23 . 2013-11-13 12:10    781824    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-11 02:07 . 2013-11-13 12:10    596480    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50 . 2013-10-30 21:54    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 15:03 . 2013-11-13 12:10    389632    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 15:02 . 2013-11-13 12:10    1278976    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-03 12:46 . 2013-11-13 12:10    304128    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-10-03 12:45 . 2013-11-13 12:10    993792    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-09-27 14:53 . 2013-09-27 14:53    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2013-01-20 19:59    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 20:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 20:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 20:26    1021448    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Amazon Cloud Player"="c:\users\Harold\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-11-24 3139072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"AutoTask"="c:\program files (x86)\AutoTask\AutoTask.exe" [2009-06-22 335872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 994344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_8adfd0a8\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 64475036
*Deregistered* - 64475036
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 23:05    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 22:34]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22 23:55]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-22 23:55]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540481893-2940939073-3086944232-1000Core.job
- c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-08 23:55]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540481893-2940939073-3086944232-1000UA.job
- c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-08 23:55]
.
2013-12-14 c:\windows\Tasks\HPCeeScheduleForHarold.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-01 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 20:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 20:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 20:12    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 209432]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: !HIDDEN! 2010-01-25 21:18; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-BackupSoft - \RunRedem.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files (x86)\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Harold\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-12-14  19:30:13
ComboFix-quarantined-files.txt  2013-12-15 00:30
.
Pre-Run: 35,299,094,528 bytes free
Post-Run: 38,793,404,416 bytes free
.
- - End Of File - - A8793E239532745B57BBD439AA2B3A91
85D751F0E41B8E520AEE8C07A8DA777B
 



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:23 AM

Posted 14 December 2013 - 07:44 PM

Hi,
 
Good job!!  :)
 
AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new AdwCleaner and let me know how your system is running.  :)


 


#8 Hal06


Posted 15 December 2013 - 08:36 AM

# AdwCleaner v3.015 - Report created 15/12/2013 at 08:21:20
# Updated 10/12/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Harold - HAROLD-PC
# Running from : C:\Users\Harold\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\WinterSoft
[!] Folder Deleted : C:\Program Files (x86)\outobox
[!] Folder Deleted : C:\Program Files\Level Quality Watcher
[!] Folder Deleted : C:\Users\Harold\AppData\Local\NativeMessaging
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18763 octets] - [27/11/2013 06:58:31]
AdwCleaner[R1].txt - [4181 octets] - [14/12/2013 13:02:35]
AdwCleaner[R2].txt - [4241 octets] - [14/12/2013 13:42:20]
AdwCleaner[R3].txt - [4164 octets] - [15/12/2013 08:08:37]
AdwCleaner[S0].txt - [17629 octets] - [27/11/2013 07:05:50]
AdwCleaner[S1].txt - [3021 octets] - [15/12/2013 08:21:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3081 octets] ##########
 



#9 jeffce


Posted 15 December 2013 - 12:41 PM

and let me know how your system is running now.

 

:)


 


#10 Hal06


Posted 15 December 2013 - 06:47 PM

Thanks, very much, for the help. Any advice on how to prevent such things in the future? I use Microsoft Security Essentials.



#11 jeffce


Posted 16 December 2013 - 07:33 AM

Any advice on how to prevent such things in the future?

 

I will give you some good information when we have finished up.  :) 

 

How is your system running?  Is the ScorpionSaver gone that you can see?


 


#12 Hal06


Posted 16 December 2013 - 07:31 PM

Well, darn. The computer is running well. I have not noticed any problems but I see "scorpion saver services" in my programs list on control panel. Should I just delete it from the control panel?



#13 jeffce


Posted 16 December 2013 - 08:02 PM

I have not noticed any problems but I see "scorpion saver services" in my programs list on control panel. Should I just delete it from the control panel?

Yes you should be able to do that now.
---------------
 
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#14 Hal06


Posted 17 December 2013 - 07:17 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.17.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Harold :: HAROLD-PC [administrator]

12/17/2013 7:02:36 AM
MBAM-log-2013-12-17 (07-17-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293479
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#15 jeffce


Posted 17 December 2013 - 07:29 AM

Was there a log made by ESET?  If so please post that as well.  :)

