Vista boots up to desktop then shuts down


14 replies to this topic

#1 oakminde

Posted 26 February 2014 - 12:55 PM

I have Vista Home Premium service pack 2.  The problem started yesterday, and I am honestly not sure what might have caused it.  The computer seems to boot up fine, shows me my desktop with wallpaper and all of my icons, then simply shuts down.  It will start up fine in safe mode, and I was able to run avast with no threats found.

Event Viewer has some odd looking entries.
 
Before it started doing its thing, there was some activity with filters of some kind.  Not sure what that is about.

 

Information 2/25/2014 3:12:41 PM FilterManager 6 None

File System Filter 'MpFilter' (6.3, 9/13/2013 5:52:45 PM) has successfully loaded and registered with Filter Manager.

 

Information 2/25/2014 3:12:41 PM FilterManager 6 None

File System Filter 'FileInfo' (6.0, 1/18/2008 11:34:27 PM) has successfully loaded and registered with Filter Manager.

 

And then a bunch more odd looking things before it finally shows an error and shut down.  Any ideas?




#2 xXToffeeXx

Posted 26 February 2014 - 01:36 PM

Hi,
 
Please run these for me in safe mode. If you are in safe mode with networking, then you can download the tools; otherwise you will need another computer and a USB or CD to transfer the tools (same for logs: transfer them via USB or CD to your clean computer and then post them in the topic):

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 
---------------

 

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

 

xXToffeeXx~


Edited by xXToffeeXx, 26 February 2014 - 03:40 PM.


#3 oakminde

Posted 26 February 2014 - 06:17 PM

Here is the Malwarebytes log. It didn't give me the option of where to save the download file, or to rename it. I hope that doesn't hurt things.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.26.08
 
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bestbuy :: MICHAEL [administrator]
 
2/26/2014 3:43:22 PM
MBAM-log-2014-02-26 (17-11-40).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379905
Time elapsed: 1 hour(s), 17 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.Optional.WebCake.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.Optional.WebCake.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\DomaIQ (PUP.Optional.DomaIQ.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN30031590291838819&UM=2&ctid=CT3289847) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 7
C:\Users\bestbuy\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\Better-Surf (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ch (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\chrome (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\chrome\content (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ie (PUP.Optional.BetterSurf) -> No action taken.
 
Files Detected: 14
C:\Michael\Michael\My Documents\Downloads\hijackthis setup.exe (PUP.AdBundle) -> No action taken.
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
C:\Users\bestbuy\Downloads\FreeMp3WmaConverterSetup-r100-w-bc.exe (PUP.Optional.Koyote.A) -> No action taken.
C:\Users\bestbuy\Downloads\iMeshSetup-r1157-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
C:\Users\bestbuy\AppData\Local\Temp\ct3289847\CT3289847.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\bestbuy\AppData\Local\Temp\ct3289847\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\bestbuy\AppData\Local\Temp\ct3289847\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\Better-Surf\ch\Chrome.crx (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\Better-Surf.xpi (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\build.cmd (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\chrome.manifest (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\install.rdf (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\chrome\content\better-surf.js (PUP.Optional.BetterSurf) -> No action taken.
C:\Program Files\Better-Surf\ff\chrome\content\firefox.js (PUP.Optional.BetterSurf) -> No action taken.
 
(end)
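
Added example (not part of the original posts and not a Malwarebytes tool): a Python check for a pasted log in the Malwarebytes Anti-Malware 1.75 layout shown in the post above. It confirms the top portion and the `(end)` marker are present, compares each section's declared count with the entries listed, and collects the items still marked "No action taken". The sample is a shortened excerpt built from the posted log, and the family-grouping rule is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the layout of the log posted above
# (section counts reduced to match the entries kept here, URL shortened).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.26.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bestbuy :: MICHAEL [administrator]

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 379905

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\DomaIQ (PUP.Optional.DomaIQ.A) -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10) Good: (http://www.google.com) -> No action taken.

Folders Detected: 1
C:\Program Files\Better-Surf (PUP.Optional.BetterSurf) -> No action taken.

Files Detected: 2
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Better-Surf\ff\build.cmd (PUP.Optional.BetterSurf) -> No action taken.

(end)
"""

# "<Section> Detected: <count>" opens a section of the report.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [Bad/Good detail -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[A-Za-z][\w.\-]*)\) -> "
    r"(?:.* -> )?(?P<action>[^>]+?)\.?$"
)


def family(detection):
    """Assumed grouping rule: drop PUP/PUM/Optional and a one-letter variant."""
    parts = [p for p in detection.split(".") if p not in ("PUP", "PUM", "Optional")]
    if len(parts) > 1 and len(parts[-1]) == 1:
        parts = parts[:-1]
    return ".".join(parts) or detection


def parse_mbam_log(text):
    """Split a pasted log into header fields and per-section detections."""
    report = {"program_version": None, "database_version": None, "os": None,
              "has_end_marker": False, "sections": {}}
    current = None
    for ln in (raw.strip() for raw in text.splitlines()):
        if not ln:
            continue
        if ln.startswith("Malwarebytes Anti-Malware "):
            report["program_version"] = ln.rsplit(" ", 1)[1]
        elif ln.startswith("Database version:"):
            report["database_version"] = ln.split(":", 1)[1].strip()
        elif ln.startswith("Windows ") and report["os"] is None and current is None:
            report["os"] = ln
        elif ln == "(end)":
            report["has_end_marker"] = True
        elif (m := SECTION_RE.match(ln)):
            current = report["sections"].setdefault(
                m["name"], {"declared": int(m["count"]), "items": []})
        elif current is not None and (m := ITEM_RE.match(ln)):
            current["items"].append((m["object"], m["detection"], m["action"]))
    return report


def triage(report):
    """Report what a helper checks first: completeness, counts, open items."""
    missing = [k for k in ("program_version", "database_version", "os")
               if not report[k]]
    if not report["has_end_marker"]:
        missing.append("end_marker")
    items = [it for sec in report["sections"].values() for it in sec["items"]]
    return {
        "missing": missing,
        "count_mismatches": {name: (sec["declared"], len(sec["items"]))
                             for name, sec in report["sections"].items()
                             if sec["declared"] != len(sec["items"])},
        "families": Counter(family(det) for _, det, _ in items),
        "unremediated": [obj for obj, _, act in items if act == "No action taken"],
    }


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    print("missing header parts:", result["missing"] or "none")
    print("count mismatches:", result["count_mismatches"] or "none")
    print("detections by family:", dict(result["families"]))
    print("items with no action taken:", len(result["unremediated"]))
```
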


#4 oakminde

Posted 26 February 2014 - 07:28 PM

18:19:10.0071 0x037c  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
18:19:13.0565 0x037c  ============================================================
18:19:13.0565 0x037c  Current date / time: 2014/02/26 18:19:13.0565
18:19:13.0565 0x037c  SystemInfo:
18:19:13.0565 0x037c  
18:19:13.0565 0x037c  OS Version: 6.0.6002 ServicePack: 2.0
18:19:13.0565 0x037c  Product type: Workstation
18:19:13.0565 0x037c  ComputerName: MICHAEL
18:19:13.0565 0x037c  UserName: bestbuy
18:19:13.0565 0x037c  Windows directory: C:\Windows
18:19:13.0565 0x037c  System windows directory: C:\Windows
18:19:13.0565 0x037c  Processor architecture: Intel x86
18:19:13.0565 0x037c  Number of processors: 2
18:19:13.0565 0x037c  Page size: 0x1000
18:19:13.0565 0x037c  Boot type: Safe boot with network
18:19:13.0565 0x037c  ============================================================
18:19:16.0670 0x037c  KLMD registered as C:\Windows\system32\drivers\52909464.sys
18:19:16.0732 0x037c  System UUID: {79034545-9CA6-8910-FF0C-2F3DAC455054}
18:19:17.0356 0x037c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:17.0372 0x037c  ============================================================
18:19:17.0372 0x037c  \Device\Harddisk0\DR0:
18:19:17.0372 0x037c  MBR partitions:
18:19:17.0372 0x037c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
18:19:17.0372 0x037c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
18:19:17.0372 0x037c  ============================================================
18:19:17.0419 0x037c  C: <-> \Device\Harddisk0\DR0\Partition1
18:19:17.0450 0x037c  D: <-> \Device\Harddisk0\DR0\Partition2
18:19:17.0450 0x037c  ============================================================
18:19:17.0450 0x037c  Initialize success
18:19:17.0450 0x037c  ============================================================
18:19:51.0177 0x048c  ============================================================
18:19:51.0177 0x048c  Scan started
18:19:51.0177 0x048c  Mode: Manual; SigCheck; TDLFS; 
18:19:51.0177 0x048c  ============================================================
18:19:51.0177 0x048c  KSN ping started
18:19:57.0183 0x048c  KSN ping finished: true
18:19:57.0838 0x048c  ================ Scan system memory ========================
18:19:57.0838 0x048c  System memory - ok
18:19:57.0838 0x048c  ================ Scan services =============================
18:20:17.0120 0x048c  FDResPub - ok
18:20:17.0151 0x048c  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:20:17.0167 0x048c  FileInfo - ok
18:20:17.0276 0x048c  [ 7EBAB88FEE6E97397C183ED3B71F0797, 8E84342B709619C1EC09430D0DCCE61944381119A7B6BD583307F40888B103C4 ] FileMonitor     C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
18:20:17.0276 0x048c  FileMonitor - ok
18:20:17.0323 0x048c  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:20:17.0369 0x048c  Filetrace - ok
18:20:17.0385 0x048c  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:17.0432 0x048c  flpydisk - ok
18:20:17.0479 0x048c  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:20:17.0510 0x048c  FltMgr - ok
18:20:17.0572 0x048c  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
18:20:17.0697 0x048c  FontCache - ok
18:20:17.0775 0x048c  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:17.0791 0x048c  FontCache3.0.0.0 - ok
18:20:17.0822 0x048c  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:20:17.0869 0x048c  Fs_Rec - ok
18:20:17.0884 0x048c  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:20:17.0900 0x048c  gagp30kx - ok
18:20:17.0962 0x048c  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
18:20:18.0040 0x048c  gpsvc - ok
18:20:18.0118 0x048c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:18.0134 0x048c  gupdate - ok
18:20:18.0181 0x048c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:18.0181 0x048c  gupdatem - ok
18:20:18.0227 0x048c  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:18.0305 0x048c  HdAudAddService - ok
18:20:18.0368 0x048c  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:18.0430 0x048c  HDAudBus - ok
18:20:18.0477 0x048c  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:20:18.0555 0x048c  HidBth - ok
18:20:18.0555 0x048c  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:20:18.0617 0x048c  HidIr - ok
18:20:18.0649 0x048c  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
18:20:18.0695 0x048c  hidserv - ok
18:20:18.0742 0x048c  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:20:18.0773 0x048c  HidUsb - ok
18:20:18.0820 0x048c  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:20:18.0867 0x048c  hkmsvc - ok
18:20:18.0883 0x048c  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:20:18.0898 0x048c  HpCISSs - ok
18:20:18.0992 0x048c  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:20:19.0039 0x048c  HSFHWAZL - ok
18:20:19.0132 0x048c  [ 9EFA5FEC26CEC696A66A891AC90B412D, 43D96BCE095CCCB2B808255EE9C64A5966E92BEB6404BF8B98147DAD73F13708 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:20:19.0241 0x048c  HSF_DPV - ok
18:20:19.0319 0x048c  [ 7E775360ECE92156CED6ED3B1DAF6208, 8E0C3B6205546197E39D1AAF737016BFD86819AC78FE66B00A9B19FCB6252203 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:20:19.0351 0x048c  HSXHWAZL - ok
18:20:19.0397 0x048c  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:20:19.0491 0x048c  HTTP - ok
18:20:19.0522 0x048c  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:20:19.0538 0x048c  i2omp - ok
18:20:19.0569 0x048c  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:19.0616 0x048c  i8042prt - ok
18:20:19.0709 0x048c  [ 496DB78E6A0C4C44023D9A92B4A7AC31, 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
18:20:19.0912 0x048c  ialm - ok
18:20:19.0959 0x048c  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:20:19.0975 0x048c  iaStorV - ok
18:20:20.0053 0x048c  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:20.0146 0x048c  idsvc - ok
18:20:20.0177 0x048c  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:20:20.0193 0x048c  iirsp - ok
18:20:20.0287 0x048c  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:20:20.0365 0x048c  IKEEXT - ok
18:20:20.0443 0x048c  [ EAEA4B0005869A4ABE6070BD364143B7, BD439C15EFBBAFAF88ADD4C988CC7AA04128EF689B1C9CF49FEE9B57417C08B7 ] IMFservice      C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
18:20:20.0458 0x048c  IMFservice - ok
18:20:20.0505 0x048c  [ 9D64201C9E5AC8D1F088762BA00FF3AB, 1F83B0C828654B8C195A33CA4424AD9F9CFE411D503BB79986D7396DB9BBC994 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys
18:20:20.0536 0x048c  int15 - ok
18:20:20.0677 0x048c  [ 9F5898EBD3BBE82EADF2EFA595F02A72, A9A8CEE12F968C35D88443099875A8F96F42547F1991F1DB2E0F14FD423A411D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:20:20.0833 0x048c  IntcAzAudAddService - ok
18:20:20.0879 0x048c  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:20:20.0879 0x048c  intelide - ok
18:20:20.0911 0x048c  [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:20:20.0957 0x048c  intelppm - ok
18:20:20.0989 0x048c  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:20:21.0020 0x048c  IPBusEnum - ok
18:20:21.0067 0x048c  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:21.0113 0x048c  IpFilterDriver - ok
18:20:21.0160 0x048c  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:20:21.0207 0x048c  iphlpsvc - ok
18:20:21.0207 0x048c  IpInIp - ok
18:20:21.0223 0x048c  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:20:21.0285 0x048c  IPMIDRV - ok
18:20:21.0332 0x048c  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:20:21.0394 0x048c  IPNAT - ok
18:20:21.0441 0x048c  [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda            C:\Windows\system32\DRIVERS\irda.sys
18:20:21.0472 0x048c  irda - ok
18:20:21.0503 0x048c  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:20:21.0550 0x048c  IRENUM - ok
18:20:21.0581 0x048c  [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon           C:\Windows\System32\irmon.dll
18:20:21.0659 0x048c  Irmon - ok
18:20:21.0691 0x048c  [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:20:21.0706 0x048c  isapnp - ok
18:20:21.0769 0x048c  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:20:21.0784 0x048c  iScsiPrt - ok
18:20:21.0831 0x048c  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:20:21.0831 0x048c  iteatapi - ok
18:20:21.0862 0x048c  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:20:21.0878 0x048c  iteraid - ok
18:20:21.0925 0x048c  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:21.0925 0x048c  kbdclass - ok
18:20:21.0987 0x048c  [ D2600CB17B7408B4A83F231DC9A11AC3, C3025C2ED3541F58E8C1D792B0683949286BE583AB17B0C48F7362B4FA512BC0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:20:22.0049 0x048c  kbdhid - ok
18:20:22.0065 0x048c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
18:20:22.0112 0x048c  KeyIso - ok
18:20:22.0174 0x048c  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:20:22.0221 0x048c  KSecDD - ok
18:20:22.0283 0x048c  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:20:22.0361 0x048c  KtmRm - ok
18:20:22.0393 0x048c  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:20:22.0455 0x048c  LanmanServer - ok
18:20:22.0533 0x048c  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:22.0595 0x048c  LanmanWorkstation - ok
18:20:22.0673 0x048c  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:20:22.0673 0x048c  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
18:20:25.0372 0x048c  Detect skipped due to KSN trusted
18:20:25.0372 0x048c  LightScribeService - ok
18:20:25.0575 0x048c  [ 935E2093CEED8198C820B7F60BB63167, 7C8A7A0501BA31624143C576B0D8C6C74AF7869A9734E4AB142715B766F2B59D ] LiveUpdateSvc   C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
18:20:25.0747 0x048c  LiveUpdateSvc - ok
18:20:25.0809 0x048c  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:20:25.0856 0x048c  lltdio - ok
18:20:25.0903 0x048c  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:20:25.0949 0x048c  lltdsvc - ok
18:20:25.0996 0x048c  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:20:26.0043 0x048c  lmhosts - ok
18:20:26.0090 0x048c  [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:20:26.0105 0x048c  LSI_FC - ok
18:20:26.0121 0x048c  [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:20:26.0137 0x048c  LSI_SAS - ok
18:20:26.0152 0x048c  [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:20:26.0168 0x048c  LSI_SCSI - ok
18:20:26.0215 0x048c  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:20:26.0261 0x048c  luafv - ok
18:20:26.0308 0x048c  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:20:26.0324 0x048c  Mcx2Svc - ok
18:20:26.0355 0x048c  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:20:26.0386 0x048c  mdmxsdk - ok
18:20:26.0417 0x048c  [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:20:26.0433 0x048c  megasas - ok
18:20:26.0464 0x048c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
18:20:26.0511 0x048c  MMCSS - ok
18:20:26.0542 0x048c  MobilityService - ok
18:20:26.0605 0x048c  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
18:20:26.0651 0x048c  Modem - ok
18:20:26.0683 0x048c  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:20:26.0729 0x048c  monitor - ok
18:20:26.0761 0x048c  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:20:26.0776 0x048c  mouclass - ok
18:20:26.0807 0x048c  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:20:26.0839 0x048c  mouhid - ok
18:20:26.0901 0x048c  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:20:26.0917 0x048c  MountMgr - ok
18:20:26.0979 0x048c  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:20:27.0010 0x048c  MpFilter - ok
18:20:27.0026 0x048c  [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:20:27.0041 0x048c  mpio - ok
18:20:27.0073 0x048c  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:20:27.0104 0x048c  mpsdrv - ok
18:20:27.0166 0x048c  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:20:27.0244 0x048c  MpsSvc - ok
18:20:27.0275 0x048c  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:20:27.0275 0x048c  Mraid35x - ok
18:20:27.0353 0x048c  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:20:27.0369 0x048c  MRxDAV - ok
18:20:27.0431 0x048c  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:27.0463 0x048c  mrxsmb - ok
18:20:27.0509 0x048c  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:27.0541 0x048c  mrxsmb10 - ok
18:20:27.0587 0x048c  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:27.0603 0x048c  mrxsmb20 - ok
18:20:27.0650 0x048c  [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:20:27.0650 0x048c  msahci - ok
18:20:27.0681 0x048c  [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:20:27.0697 0x048c  msdsm - ok
18:20:27.0728 0x048c  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
18:20:27.0790 0x048c  MSDTC - ok
18:20:27.0837 0x048c  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:20:27.0868 0x048c  Msfs - ok
18:20:27.0899 0x048c  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:20:27.0899 0x048c  msisadrv - ok
18:20:27.0977 0x048c  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:20:28.0009 0x048c  MSiSCSI - ok
18:20:28.0024 0x048c  msiserver - ok
18:20:28.0071 0x048c  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:20:28.0118 0x048c  MSKSSRV - ok
18:20:28.0180 0x048c  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:20:28.0196 0x048c  MsMpSvc - ok
18:20:28.0227 0x048c  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:28.0243 0x048c  MSPCLOCK - ok
18:20:28.0258 0x048c  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:20:28.0305 0x048c  MSPQM - ok
18:20:28.0367 0x048c  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:20:28.0399 0x048c  MsRPC - ok
18:20:28.0430 0x048c  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:20:28.0445 0x048c  mssmbios - ok
18:20:28.0508 0x048c  MSSQL$MSSMLBIZ - ok
18:20:28.0570 0x048c  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:20:28.0601 0x048c  MSSQLServerADHelper - ok
18:20:28.0633 0x048c  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:20:28.0664 0x048c  MSTEE - ok
18:20:28.0695 0x048c  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:20:28.0711 0x048c  Mup - ok
18:20:28.0773 0x048c  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
18:20:28.0820 0x048c  napagent - ok
18:20:28.0867 0x048c  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:20:28.0898 0x048c  NativeWifiP - ok
18:20:28.0960 0x048c  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:20:29.0007 0x048c  NDIS - ok
18:20:29.0054 0x048c  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:29.0085 0x048c  NdisTapi - ok
18:20:29.0132 0x048c  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:29.0179 0x048c  Ndisuio - ok
18:20:29.0225 0x048c  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:29.0257 0x048c  NdisWan - ok
18:20:29.0335 0x048c  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:20:29.0350 0x048c  NDProxy - ok
18:20:29.0413 0x048c  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:20:29.0459 0x048c  NetBIOS - ok
18:20:29.0506 0x048c  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:20:29.0553 0x048c  netbt - ok
18:20:29.0584 0x048c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
18:20:29.0600 0x048c  Netlogon - ok
18:20:29.0647 0x048c  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
18:20:29.0709 0x048c  Netman - ok
18:20:29.0756 0x048c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:20:29.0849 0x048c  NetMsmqActivator - ok
18:20:29.0881 0x048c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:20:29.0896 0x048c  NetPipeActivator - ok
18:20:29.0959 0x048c  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
18:20:30.0021 0x048c  netprofm - ok
18:20:30.0083 0x048c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:20:30.0099 0x048c  NetTcpActivator - ok
18:20:30.0115 0x048c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:20:30.0130 0x048c  NetTcpPortSharing - ok
18:20:30.0193 0x048c  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:20:30.0193 0x048c  nfrd960 - ok
18:20:30.0255 0x048c  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:20:30.0271 0x048c  NisDrv - ok
18:20:30.0317 0x048c  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
18:20:30.0349 0x048c  NisSrv - ok
18:20:30.0427 0x048c  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:20:30.0473 0x048c  NlaSvc - ok
18:20:30.0505 0x048c  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:20:30.0536 0x048c  Npfs - ok
18:20:30.0583 0x048c  [ 6D8D2E5652FC2442C810C5D8BE784148, 013FF4FA03CA2E066B1946CC09889616B243068BA0FB2E58D4C1435BF66FBC87 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
18:20:30.0629 0x048c  NSCIRDA - ok
18:20:30.0661 0x048c  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
18:20:30.0707 0x048c  nsi - ok
18:20:30.0739 0x048c  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:20:30.0785 0x048c  nsiproxy - ok
18:20:30.0879 0x048c  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:20:30.0988 0x048c  Ntfs - ok
18:20:31.0035 0x048c  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
18:20:31.0051 0x048c  NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
18:20:33.0562 0x048c  Detect skipped due to KSN trusted
18:20:33.0562 0x048c  NTIDrvr - ok
18:20:33.0593 0x048c  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:20:33.0656 0x048c  ntrigdigi - ok
18:20:33.0671 0x048c  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
18:20:33.0718 0x048c  Null - ok
18:20:33.0781 0x048c  [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:20:33.0812 0x048c  nvraid - ok
18:21:13.0804 0x048c  WdiSystemHost - ok
18:21:13.0883 0x048c  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
18:21:13.0910 0x048c  WebClient - ok
18:21:13.0956 0x048c  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:21:14.0012 0x048c  Wecsvc - ok
18:21:14.0077 0x048c  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:21:14.0122 0x048c  wercplsupport - ok
18:21:14.0188 0x048c  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:21:14.0238 0x048c  WerSvc - ok
18:21:14.0302 0x048c  [ CF27EDAC75C87F2B776D9218F02F8301, F54CBDF3B8253653E7E308AC9CBD7EEBC414628E215BF4FC2B6276D79DB5055A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:21:14.0370 0x048c  winachsf - ok
18:21:14.0502 0x048c  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:21:14.0527 0x048c  WinDefend - ok
18:21:14.0537 0x048c  WinHttpAutoProxySvc - ok
18:21:14.0616 0x048c  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:21:14.0672 0x048c  Winmgmt - ok
18:21:14.0727 0x048c  [ 845AF1BA23C8D5E64DEF61BCC441604C, 206EE7A7C3F4D9496F742CCB84718F556ECB4BA2A95FE7E0CDF3A003FFBE4597 ] WinRing0_1_2_0  C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys
18:21:14.0742 0x048c  WinRing0_1_2_0 - ok
18:21:14.0836 0x048c  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:21:14.0992 0x048c  WinRM - ok
18:21:15.0085 0x048c  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:21:15.0164 0x048c  Wlansvc - ok
18:21:15.0304 0x048c  [ 94A85E956A065E23E0010A6A7826243B, F70A8301D071667718F04A9F261946ED8D64EE1B08055C518186252198F8F3F1 ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:21:15.0345 0x048c  WLSetupSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:21:17.0881 0x048c  Detect skipped due to KSN trusted
18:21:17.0881 0x048c  WLSetupSvc - ok
18:21:17.0947 0x048c  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:21:17.0986 0x048c  WmiAcpi - ok
18:21:18.0019 0x048c  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:21:18.0048 0x048c  wmiApSrv - ok
18:21:18.0154 0x048c  [ E8781CF1A4262881897444D22921A3A6, F63FD9BCE5549FC9FC788066E438CF46CFA0B1CA92D89A7CBDE6A2AA9B76754A ] WMIService      C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
18:21:18.0183 0x048c  WMIService - detected UnsignedFile.Multi.Generic ( 1 )
18:21:20.0988 0x048c  Detect skipped due to KSN trusted
18:21:20.0988 0x048c  WMIService - ok
18:21:21.0120 0x048c  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:21:21.0252 0x048c  WMPNetworkSvc - ok
18:21:21.0300 0x048c  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:21:21.0358 0x048c  WPCSvc - ok
18:21:21.0394 0x048c  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:21:21.0441 0x048c  WPDBusEnum - ok
18:21:21.0476 0x048c  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:21:21.0492 0x048c  WpdUsb - ok
18:21:21.0684 0x048c  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:21:21.0752 0x048c  WPFFontCache_v0400 - ok
18:21:21.0800 0x048c  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:21:21.0843 0x048c  ws2ifsl - ok
18:21:21.0902 0x048c  [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(1) C:\Windows\system32\drivers\VirtualAudio1.sys
18:21:21.0915 0x048c  WsAudio_Device(1) - ok
18:21:21.0950 0x048c  [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(2) C:\Windows\system32\drivers\VirtualAudio2.sys
18:21:21.0963 0x048c  WsAudio_Device(2) - ok
18:21:21.0991 0x048c  [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(3) C:\Windows\system32\drivers\VirtualAudio3.sys
18:21:22.0011 0x048c  WsAudio_Device(3) - ok
18:21:22.0089 0x048c  [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(4) C:\Windows\system32\drivers\VirtualAudio4.sys
18:21:22.0101 0x048c  WsAudio_Device(4) - ok
18:21:22.0128 0x048c  [ F67C4950E3B07684AC483CB718C2A3C1, DF0B2358E46DE4B795994A21483BA702BE1A958F3DE60E419595F2CD37D01F7C ] WsAudio_Device(5) C:\Windows\system32\drivers\VirtualAudio5.sys
18:21:22.0140 0x048c  WsAudio_Device(5) - ok
18:21:22.0169 0x048c  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:21:22.0201 0x048c  wscsvc - ok
18:21:22.0208 0x048c  WSearch - ok
18:21:22.0339 0x048c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:21:22.0508 0x048c  wuauserv - ok
18:21:22.0555 0x048c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:21:22.0596 0x048c  WudfPf - ok
18:21:22.0628 0x048c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:21:22.0666 0x048c  WUDFRd - ok
18:21:22.0707 0x048c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:21:22.0727 0x048c  wudfsvc - ok
18:21:22.0763 0x048c  [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8, 3660379AADB6DB56E54D9C680929CD3882CDE4E6A8BB888FC892110D6B50C627 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
18:21:22.0775 0x048c  XAudio - ok
18:21:22.0814 0x048c  [ 28DC5D626E036A75A572556F0A6EB1F6, 9AE635C08B87AD85A552ADE0AF8BA10DC258E0DEFE133A2A74EFCD43B7A38A98 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
18:21:22.0859 0x048c  XAudioService - ok
18:21:22.0991 0x048c  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:21:23.0042 0x048c  YahooAUService - ok
18:21:23.0127 0x048c  [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
18:21:23.0174 0x048c  yukonwlh - ok
18:21:23.0229 0x048c  [ 8098180B3F6C430A4E60333BC036F936, 6304EDA656039EE846B31F8DC9466EA55A6435C93CF5D5E2D81284ADF0F292C2 ] {95808DC4-FA4A-4c74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
18:21:23.0239 0x048c  {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
18:21:23.0243 0x048c  ================ Scan global ===============================
18:21:23.0311 0x048c  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
18:21:23.0362 0x048c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:21:23.0413 0x048c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:21:23.0469 0x048c  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
18:21:23.0482 0x048c  [ Global ] - ok
18:21:23.0483 0x048c  ================ Scan MBR ==================================
18:21:23.0501 0x048c  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
18:21:26.0710 0x048c  \Device\Harddisk0\DR0 - ok
18:21:26.0711 0x048c  ================ Scan VBR ==================================
18:21:26.0714 0x048c  [ 54016FA80C1894C1E779FD30FCB51E17 ] \Device\Harddisk0\DR0\Partition1
18:21:26.0759 0x048c  \Device\Harddisk0\DR0\Partition1 - ok
18:21:26.0763 0x048c  [ EA553778C95CC2A99404A6EEC0D07006 ] \Device\Harddisk0\DR0\Partition2
18:21:26.0778 0x048c  \Device\Harddisk0\DR0\Partition2 - ok
18:21:26.0779 0x048c  Waiting for KSN requests completion. In queue: 21
18:21:27.0779 0x048c  Waiting for KSN requests completion. In queue: 21
18:21:28.0779 0x048c  Waiting for KSN requests completion. In queue: 21
18:21:29.0854 0x048c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x60000 ( disabled : updated )
18:21:29.0888 0x048c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 8.0.1497.376 ), 0x41000 ( enabled : updated )
18:21:29.0897 0x048c  Win FW state via NFP2: enabled
18:21:32.0453 0x048c  ============================================================
18:21:32.0453 0x048c  Scan finished
18:21:32.0453 0x048c  ============================================================
18:21:32.0467 0x0288  Detected object count: 0
18:21:32.0467 0x0288  Actual detected object count: 0


#5 oakminde

Posted 26 February 2014 - 07:58 PM

I was unable to check the loaded modules checkbox for the killer program.  It did, indeed, require a reboot.  Unfortunately, upon restart, my computer still shuts down, so I am forced to make it go into safe mode.  Apparently the killer program does not recognize that as a valid reboot.



#6 xXToffeeXx

Posted 27 February 2014 - 11:21 AM

Hi,
 
Ah, sorry. Don't worry about that.
 
The Malwarebytes log shows no action taken on those files. Please run the program again and make sure to check all detected.
 
---------------

 

Please download Autoruns.
 
Open Downloads in your browser and click on the Autoruns download.
 
Click on Run to initiate the installation.
 
When Autoruns loads you will see an image similar to the one below.
 
autorunsscreen_zps2ac55e2e.png
 
Click on File, then click on Save.
 
Choose Desktop as the destination, then click on the down arrow in the Save as type: box and click on Text (*.txt), then click on Save.
 
There will be a Text icon on the desktop titled AutoRuns, click on it to open the log.
 
Copy the log and paste it in your next post.
 
xXToffeeXx~

Edited by xXToffeeXx, 27 February 2014 - 11:21 AM.



#7 oakminde

Posted 27 February 2014 - 01:12 PM

Ok, here is the second run on Malwarebytes.  I think I copied the first log too early, before it did its thing with what it found.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.26.08
 
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bestbuy :: MICHAEL [administrator]
 
2/27/2014 10:46:08 AM
mbam-log-2014-02-27 (10-46-08).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380657
Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN30031590291838819&UM=2&ctid=CT3289847) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 oakminde

Posted 27 February 2014 - 01:18 PM

And here is the Autoruns log.

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "11/2/2006 6:49 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "2/27/2014 10:37 AM"
+ "Acer Product Registration" "Acer Product Registration" "Leader Technologies" "c:\program files\acer registration\ace1.exe" "2/2/2007 1:24 PM"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe" "1/12/2008 12:16 AM"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe" "4/16/2013 9:13 PM"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe" "8/30/2013 1:41 AM"
+ "IObit Malware Fighter" "IObit Malware Fighter" "IObit" "c:\program files\iobit\iobit malware fighter\imf.exe" "12/13/2013 3:43 AM"
+ "LanguageShortcut" "Language Application" "" "c:\program files\cyberlink\powerdvd\language\language.exe" "12/5/2006 8:54 AM"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "10/23/2013 3:54 PM"
+ "PLFSet" "The utilities for device installation" " " "c:\windows\plfset.dll" "4/23/2007 9:29 PM"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe" "5/1/2013 4:42 AM"
+ "RemoteControl" "PowerDVD RC Service" "Cyberlink Corp." "c:\program files\cyberlink\powerdvd\pdvdserv.exe" "12/6/2006 4:27 AM"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe" "8/16/2007 11:26 PM"
+ "SearchSettings" "Search Settings" "Spigot, Inc." "c:\program files\common files\spigot\search settings\searchsettings.exe" "6/7/2013 8:12 AM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe" "10/23/2006 12:00 PM"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe" "8/14/2013 6:12 PM"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe" "1/18/2008 11:42 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "5/24/2013 1:13 AM"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" "2/19/2014 4:40 PM"
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "1/18/2008 11:47 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/16/2014 9:05 AM"
+ "Amazon Cloud Player" "" "" "c:\users\bestbuy\appdata\local\amazon cloud player\amazon music helper.exe" "6/21/2013 5:23 PM"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\bestbuy\appdata\local\google\update\googleupdate.exe" "3/9/2010 12:10 AM"
+ "SanDiskSecureAccess_Manager.exe" "RunSanDiskSecureAccess_Win" "Gemalto N.V." "c:\users\bestbuy\appdata\roaming\sandisk\sandisksecureaccess_manager.exe" "2/14/2012 5:37 PM"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "1/19/2008 12:06 AM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "11/2/2006 6:53 AM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "2/26/2009 10:00 AM"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "11/2/2006 6:53 AM"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll" "11/7/2012 4:30 AM"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll" "3/24/2009 6:45 PM"
+ "wlmailhtml" "Microsoft Internet Messaging API Resources" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll" "10/23/2007 1:00 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "8/11/2008 3:00 PM"
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files\iobit\advanced systemcare 7\ascextmenu.dll" "11/25/2013 9:00 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "8/30/2013 1:37 AM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 3:54 PM"
+ "IObit Malware Fighter" "BlueBirdShellExt Module" "IObit" "c:\program files\iobit\iobit malware fighter\imfshellext.dll" "11/4/2013 8:23 PM"
+ "SmartDefragExtension" "IObit Smart Defrag Extension" "IObit" "c:\windows\system32\iobitsmartdefragextension.dll" "1/8/2014 1:54 AM"
+ "UnLockerMenu" "IObitUnlockerExtension" "IObit" "c:\program files\iobit\iobit uninstaller\uninstallmenuright32.dll" "10/22/2013 12:52 AM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "11/2/2006 6:53 AM"
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files\iobit\advanced systemcare 7\ascextmenu.dll" "11/25/2013 9:00 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 3:54 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "11/2/2006 6:53 AM"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "8/30/2013 1:37 AM"
+ "GB3ContextMenu" "Game Booster v3 Context Menu" "" "c:\program files\razer\razer game booster\gbv3contextmenu.dll" "6/14/2012 4:11 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\users\bestbuy\desktop\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 2:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "11/2/2006 6:53 AM"
+ "Advanced SystemCare" "ASCExtMenu Module" "IObit" "c:\program files\iobit\advanced systemcare 7\ascextmenu.dll" "11/25/2013 9:00 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 3:54 PM"
+ "IObit Malware Fighter" "BlueBirdShellExt Module" "IObit" "c:\program files\iobit\iobit malware fighter\imfshellext.dll" "11/4/2013 8:23 PM"
+ "UnLockerMenu" "IObitUnlockerExtension" "IObit" "c:\program files\iobit\iobit uninstaller\uninstallmenuright32.dll" "10/22/2013 12:52 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "11/2/2006 6:53 AM"
+ "ACE" "ACE Context Menu" "" "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll" "3/2/2007 10:44 AM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "10/7/2010 9:07 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "5/11/2007 12:54 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "10/7/2010 9:07 PM"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "8/30/2013 1:37 AM"
+ "IObit Malware Fighter" "BlueBirdShellExt Module" "IObit" "c:\program files\iobit\iobit malware fighter\imfshellext.dll" "11/4/2013 8:23 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\users\bestbuy\desktop\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 2:39 PM"
+ "SmartDefragExtension" "IObit Smart Defrag Extension" "IObit" "c:\windows\system32\iobitsmartdefragextension.dll" "1/8/2014 1:54 AM"
+ "UnLockerMenu" "IObitUnlockerExtension" "IObit" "c:\program files\iobit\iobit uninstaller\uninstallmenuright32.dll" "10/22/2013 12:52 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "2/27/2014 12:10 PM"
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll" "8/30/2013 1:37 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "2/27/2014 12:10 PM"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll" "10/23/2006 1:08 AM"
+ "Advanced SystemCare Browser Protection" "Advanced SystemCare 7  ASCPlugin_Protection" "IObit" "c:\program files\iobit\surfing protection\browerprotect\ascplugin_protection.dll" "11/13/2013 7:36 PM"
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll" "8/30/2013 1:44 AM"
+ "ExplorerWnd Helper" "Uninstall for explorer" "IObit" "c:\program files\iobit\iobit uninstaller\uninstallexplorer32.dll" "10/22/2013 3:26 AM"
+ "IObit Apps Toolbar" "Widgi Toolbar for Internet Explorer" "Spigot, Inc." "c:\program files\iobit apps toolbar\ie\7.2\iobitappstoolbarie.dll" "6/7/2013 8:12 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_07\bin\ssv.dll" "6/10/2008 4:32 AM"
+ "RealNetworks Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealDownloader" "c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll" "8/14/2013 4:21 PM"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" "" "9/1/2013 12:21 AM"
+ "IObit Apps Toolbar" "Widgi Toolbar for Internet Explorer" "Spigot, Inc." "c:\program files\iobit apps toolbar\ie\7.2\iobitappstoolbarie.dll" "6/7/2013 8:12 AM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "2/26/2014 12:12 PM"
+ "avast! Online Security" "IE Webrep plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll" "8/30/2013 1:44 AM"
+ "IObit Apps Toolbar" "Widgi Toolbar for Internet Explorer" "Spigot, Inc." "c:\program files\iobit apps toolbar\ie\7.2\iobitappstoolbarie.dll" "6/7/2013 8:12 AM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "2/26/2014 12:12 PM"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll" "7/20/2011 12:13 AM"
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_07\bin\ssv.dll" "6/10/2008 4:32 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "2/25/2014 5:38 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 8:40 PM"
+ "AdvancedSystemCareService7" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 7\ascservice.exe" "12/5/2013 11:49 PM"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "5/17/2012 9:06 PM"
+ "Application Updater" "Automatically downloads and installs application updates." "Spigot, Inc." "c:\program files\application updater\applicationupdater.exe" "6/7/2013 8:10 AM"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe" "9/29/2008 1:49 PM"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe" "8/30/2013 1:37 AM"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe" "1/11/2008 6:30 PM"
+ "CLTNetCnService" "Symantec Lic NetConnect Service" "" "File not found: c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" ""
+ "eNet Service" "Acer eNet Management Service" "Acer Inc." "c:\acer\empowering technology\enet\enet service.exe" "6/13/2007 2:54 AM"
+ "eRecoveryService" "Acer eRecovery Management" "Acer Inc." "c:\acer\empowering technology\erecovery\erecoveryservice.exe" "7/3/2007 11:40 AM"
+ "eSettingsService" "Acer eSettings Management Service" "" "c:\acer\empowering technology\esettings\service\capuserv.exe" "6/28/2007 4:50 AM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "2/15/2012 8:43 PM"
+ "IMFservice" "IObit Malware Fighter Service" "IObit" "c:\program files\iobit\iobit malware fighter\imfsrv.exe" "11/11/2013 2:24 AM"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe" "1/17/2007 1:08 PM"
+ "LiveUpdateSvc" "LiveUpdate" "IObit" "c:\program files\iobit\liveupdate\liveupdate.exe" "12/1/2013 8:54 PM"
+ "MobilityService" "" "" "c:\acer\mobility center\mobilityservice.exe" "11/23/2006 10:57 PM"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe" "10/23/2013 3:53 PM"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" "12/10/2010 4:23 PM"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe" "10/23/2013 3:53 PM"
+ "o2flash" "O2 Flash Memory Service" "O2Micro International" "c:\program files\o2micro oz128 driver\o2flash.exe" "10/19/2006 12:41 AM"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe" "7/19/2011 11:12 PM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe" "10/26/2006 3:00 PM"
+ "PDAgent" "This service controls PerfectDisk's scheduling and remote communication." "Raxco Software, Inc." "c:\program files\raxco\perfectdisk\pdagent.exe" "11/6/2007 7:13 AM"
+ "PDEngine" "PerfectDisk's defrag engine" "Raxco Software, Inc." "c:\program files\raxco\perfectdisk\pdengine.exe" "11/6/2007 7:09 AM"
+ "RapportMgmtService" "Trusteer Endpoint Protection Central Management and Monitoring Service" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportmgmtservice.exe" "2/10/2014 3:10 AM"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files\realnetworks\realdownloader\rndlresolversvc.exe" "8/14/2013 4:19 PM"
+ "RichVideo" "RichVideo Module" "" "c:\program files\cyberlink\shared files\richvideo.exe" "2/6/2007 9:29 PM"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe" "12/10/2010 1:40 PM"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe" "12/10/2010 1:39 PM"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe" "11/26/2007 3:51 PM"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "1/19/2008 1:26 AM"
+ "WLSetupSvc" "Windows Live Setup Service" "Microsoft Corporation" "c:\program files\windows live\installer\wlsetupsvc.exe" "10/25/2007 4:27 PM"
+ "WMIService" "Acer ePower Management Service" "acer" "c:\acer\empowering technology\epower\epowersvc.exe" "6/12/2007 9:23 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "1/19/2008 12:06 AM"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.exe" "8/4/2006 6:39 PM"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe" "11/9/2008 2:47 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "2/25/2014 5:38 PM"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys" "8/30/2013 1:36 AM"
+ "aswKbd" "avast! keyboard filter driver (aswKbd)" "AVAST Software" "c:\windows\system32\drivers\aswkbd.sys" "8/30/2013 1:37 AM"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys" "8/30/2013 1:37 AM"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys" "8/30/2013 1:37 AM"
+ "aswRvrt" "avast! Revert" "" "c:\windows\system32\drivers\aswrvrt.sys" "8/30/2013 1:36 AM"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys" "8/30/2013 1:38 AM"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys" "8/30/2013 1:37 AM"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys" "8/30/2013 1:37 AM"
+ "aswVmm" "avast! VM Monitor" "" "c:\windows\system32\drivers\aswvmm.sys" "8/30/2013 1:36 AM"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athr.sys" "10/2/2006 4:45 PM"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "9/29/2008 2:08 PM"
+ "bcm" "Beceem Communications Inc. WiMAX driver" "Beceem communications pvt ltd." "c:\windows\system32\drivers\drxvi314.sys" "10/17/2011 1:35 AM"
+ "BCM43XV" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys" "12/19/2006 1:55 PM"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys" "12/19/2006 1:55 PM"
+ "bcmbusctr" "Beceem Communications Inc. WiMAX driver" "Beceem communications pvt ltd." "c:\windows\system32\drivers\bcmbusctr.sys" "10/17/2011 1:33 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 3:33 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 3:33 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 6:02 AM"
+ "DefragFS" "Defragmentation Support Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\defragfs.sys" "10/3/2007 11:01 AM"
+ "DKbFltr" "Dritek PS2 Keyboard Filter Driver" "Dritek System Inc." "c:\windows\system32\drivers\dkbfltr.sys" "10/19/2006 2:24 AM"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys" "8/3/2006 3:30 PM"
+ "FileMonitor" "File Filter driver of IMF" "IObit" "c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\filemonitor.sys" "2/28/2013 8:50 PM"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys" "11/8/2006 5:55 PM"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys" "6/20/2006 11:39 AM"
+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys" "11/8/2006 5:53 PM"
+ "ialm" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys" "10/17/2006 2:15 PM"
+ "int15" "Acer int15 service" "" "c:\acer\empowering technology\erecovery\int15.sys" "9/30/2003 11:29 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys" "8/22/2007 4:44 AM"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys" ""
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys" "6/19/2006 3:26 PM"
+ "NSCIRDA" "NSC Fast Infrared Driver." "National Semiconductor Corporation" "c:\windows\system32\drivers\nscirda.sys" "1/18/2008 11:55 PM"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys" "12/21/2004 2:33 PM"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys" ""
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys" ""
+ "O2MDRDR" "o2media" "O2Micro " "c:\windows\system32\drivers\o2media.sys" "4/2/2007 8:04 PM"
+ "O2SDRDR" "O2Micro SD Reader Driver" "O2Micro " "c:\windows\system32\drivers\o2sd.sys" "4/2/2007 2:11 AM"
+ "PCTINDIS5" "" "" "File not found: C:\Windows\System32\Drivers\PCTINDIS5.sys" ""
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys" "10/17/2007 12:24 PM"
+ "RapportCerberus_59849" "" "" "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus32_59849.sys" "9/21/2013 3:41 PM"
+ "RapportEI" "RapportEI" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportei.sys" "2/10/2014 3:31 AM"
+ "RapportKELL" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportkell.sys" "2/10/2014 3:31 AM"
+ "RapportPG" "RapportPG" "Trusteer Ltd." "c:\program files\trusteer\rapport\bin\rapportpg.sys" "2/10/2014 3:31 AM"
+ "RegFilter" "Registry Filter" "IObit.com" "c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\regfilter.sys" "11/18/2013 10:39 PM"
+ "RTL8169" "Realtek 8101/8168/8169 NDIS6 32-bit Driver" "Realtek Corporation" "c:\windows\system32\drivers\rtlh86.sys" "9/26/2006 5:20 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 7:18 AM"
+ "SmartDefragDriver" "File driver of SmartDefrag" "IObit" "c:\windows\system32\drivers\smartdefragdriver.sys" "12/23/2013 4:05 AM"
+ "SNP2UVC" "USB2.0 PC Camera driver" "" "c:\windows\system32\drivers\snp2uvc.sys" "6/11/2007 8:38 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys" "10/23/2006 11:52 AM"
+ "UrlFilter" "URL Filter" "IObit.com" "c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\urlfilter.sys" "11/18/2013 3:22 AM"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys" "11/8/2006 5:53 PM"
+ "WinRing0_1_2_0" "WinRing0" "OpenLibSys.org" "c:\program files\razer\razer game booster\driver\winring0.sys" "7/26/2008 7:25 AM"
+ "WsAudio_Device(1)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio1.sys" "7/29/2009 8:09 AM"
+ "WsAudio_Device(2)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio2.sys" "7/29/2009 8:09 AM"
+ "WsAudio_Device(3)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio3.sys" "7/29/2009 8:09 AM"
+ "WsAudio_Device(4)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio4.sys" "7/29/2009 8:09 AM"
+ "WsAudio_Device(5)" "Wondershare Virtual Audio Device" "Wondershare" "c:\windows\system32\drivers\virtualaudio5.sys" "7/29/2009 8:09 AM"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.sys" "8/4/2006 6:39 PM"
+ "yukonwlh" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x86.sys" "12/6/2007 6:25 AM"
+ "{95808DC4-FA4A-4c74-92FE-5B863F82066B}" "FCL Driver" "Cyberlink Corp." "c:\program files\cyberlink\powerdvd\000.fcl" "5/3/2006 8:21 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "2/19/2014 10:41 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "1/21/2010 9:05 AM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "5/27/2010 2:08 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "11/2/2006 6:53 AM"
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "AC3Filter" "ac3filter" "" "c:\windows\system32\ac3filter.ax" "7/9/2008 2:06 AM"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax" "4/24/2007 4:22 AM"
+ "CyberLink Audio Digital Transcoder" "CyberLink Audio Digital Transcoder" "CyberLink" "c:\program files\cyberlink\powerdvd\audiofilter\cladt.ax" "7/17/2006 3:01 AM"
+ "CyberLink Audio Effect (PDVD7)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax" "3/31/2006 3:36 AM"
+ "CyberLink Audio Spectrum Analyzer (PDVD7)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax" "9/24/2004 5:08 AM"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudwizard.ax" "4/25/2007 4:04 AM"
+ "CyberLink AudioCD Filter (PDVD7)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax" "8/16/2006 8:04 PM"
+ "CyberLink Demux (PDVD7)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax" "9/28/2006 4:23 AM"
+ "CyberLink DVD Navigator (PDVD7)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax" "4/12/2007 1:52 AM"
+ "CyberLink HD/BD Mixer (PDVD7.x)" "CLHBMixer" " " "c:\program files\cyberlink\powerdvd\audiofilter\clhbmixer.ax" "4/2/2007 6:14 AM"
+ "CyberLink Line21 Decoder (PDVD7.x)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax" "4/1/2007 9:14 PM"
+ "CyberLink MPEG-4 Splitter (PDVD7)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clm4splt.ax" "8/29/2006 3:02 AM"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax" "4/4/2005 1:48 AM"
+ "CyberLink TimeStretch Filter (PDVD7)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax" "4/24/2006 4:45 AM"
+ "CyberLink Video/SP Decoder (PDVD7)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax" "4/26/2007 6:20 AM"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Honestech VCD/SVCD Encoder" "honest technology, VCD/SVCD encoder" "honest technology" "c:\windows\system32\htvcdsvcd.ax" "4/25/2002 8:39 PM"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax" "7/21/2004 7:19 AM"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax" "7/21/2004 7:17 AM"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax" "7/21/2004 7:18 AM"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 6:14 PM"
+ "RealPlayer Mp3 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 6:14 PM"
+ "RealPlayer MPEG4 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 6:14 PM"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 6:14 PM"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 6:14 PM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll" "7/18/2008 12:35 PM"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/11/2009 12:28 AM"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax" "9/25/2008 9:23 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "7/7/2013 2:51 AM"
+ "mdnsNSP" "" "" "File not found: C:\Program Files\Bonjour\mdnsNSP.dll" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "2/27/2014 9:00 AM"
+ "Canon BJ Language Monitor MP250 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm9w.dll" "4/22/2010 7:30 PM"
"C:\Users\bestbuy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" "11/15/2012 10:13 PM"
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml" "9/21/2012 3:29 AM"


#9 xXToffeeXx

Posted 27 February 2014 - 03:09 PM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

---------------

 

Clean Boot:

  • Press the Windows key + R on your keyboard at the same time - on Windows 8, swipe the right side and click the Search icon
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Attempt to shut down your computer.

 

Were you able to boot into normal mode properly?

 

xXToffeeXx~


Edited by xXToffeeXx, 27 February 2014 - 03:10 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 oakminde


Posted 28 February 2014 - 04:05 AM

# AdwCleaner v3.020 - Report created 28/02/2014 at 01:19:58

# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : bestbuy - MICHAEL
# Running from : C:\Users\bestbuy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\VideoPlayerV3
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\bestbuy\AppData\Local\Conduit
Folder Deleted : C:\Users\bestbuy\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\bestbuy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bestbuy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\9zpmikmf.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\9zpmikmf.default\Extensions\adsremoval@adsremoval.net
Folder Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Folder Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\END
File Deleted : C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\9zpmikmf.default\user.js
File Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16533
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\bestbuy\AppData\Roaming\Mozilla\Firefox\Profiles\9zpmikmf.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\bestbuy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6104 octets] - [27/02/2014 18:30:47]
AdwCleaner[S0].txt - [6088 octets] - [28/02/2014 01:19:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6148 octets] ##########


#11 xXToffeeXx

Posted 28 February 2014 - 01:50 PM

Hi,

 

Any luck on the clean boot steps?

 

xXToffeeXx~




#12 oakminde


Posted 28 February 2014 - 02:41 PM

Sorry, hadn't got to them when I posted that last log.  Was time for me to leave for work.  On the upside, the machine has quit shutting down every time I start it up, so I am now able to operate in normal fashion, rather than in safe mode.  She is still painfully slow, but I haven't tried her out since AdwCleaner ran.  Going to the next step now.



#13 xXToffeeXx

Posted 28 February 2014 - 02:46 PM

Hi,

 

So normal mode is working? That is excellent news. Hopefully we can find what is causing the slowness using that step, but otherwise I still have other options.

No worries by the way, I was just wondering if you had tried out the clean boot steps.

 

xXToffeeXx~




#14 oakminde


Posted 28 February 2014 - 02:55 PM

Ok, clean boot accomplished.  Seems to be a little quicker than it was earlier.  Not sure if it is back to normal yet, but it is WAY better than it was 2 days ago.  You are a genius.



#15 xXToffeeXx

Posted 01 March 2014 - 03:23 PM

Hi,

 

You may want to try some of the steps here: http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/

 

If you need help with any of the steps, feel free to ask me.

 

xXToffeeXx~

