
Task Manager shows multiple IE windows running in background


8 replies to this topic

#1 Mtex

  • Members
  • 6 posts

Posted 03 January 2015 - 04:10 PM

Hi There,
Unfortunately I don't have lots of background computer knowledge and while running Windows 7 I have issues with the computer being super slow as well as extremely slow and intermittent Internet service. I noticed that when I open Task Manager there are multiple Internet Explorer windows running. I have run Microsoft Security Essentials scans every night and a full scan in Microsoft Safety Scanner and while these do usually find a "severe threat" and remove it the problem has not been solved after over a week of trying.
Any help would be greatly appreciated and I apologize in advance for any extra explaining you may have to do for me.
Thank you,
Melanie



#2 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,719 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 03 January 2015 - 07:39 PM

Welcome aboard.

Download TDSSKiller and save it to your desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.




 


#3 Mtex

  • Topic Starter

  • Members
  • 6 posts

Posted 04 January 2015 - 12:56 AM

Hi There,

 

Thank you so much for your help. It says no threats detected although Task Manager still shows all the IE windows.

Here is the report:

23:50:10.0085 0x9ae98  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
23:50:26.0055 0x9ae98  ============================================================
23:50:26.0055 0x9ae98  Current date / time: 2015/01/03 23:50:26.0055
23:50:26.0055 0x9ae98  SystemInfo:
23:50:26.0055 0x9ae98  
23:50:26.0055 0x9ae98  OS Version: 6.1.7601 ServicePack: 1.0
23:50:26.0055 0x9ae98  Product type: Workstation
23:50:26.0055 0x9ae98  ComputerName: MELANIE-PC
23:50:26.0055 0x9ae98  UserName: melanie
23:50:26.0055 0x9ae98  Windows directory: C:\Windows
23:50:26.0055 0x9ae98  System windows directory: C:\Windows
23:50:26.0055 0x9ae98  Running under WOW64
23:50:26.0055 0x9ae98  Processor architecture: Intel x64
23:50:26.0055 0x9ae98  Number of processors: 2
23:50:26.0055 0x9ae98  Page size: 0x1000
23:50:26.0055 0x9ae98  Boot type: Normal boot
23:50:26.0055 0x9ae98  ============================================================
23:50:29.0441 0x9ae98  KLMD registered as C:\Windows\system32\drivers\56654023.sys
23:50:30.0111 0x9ae98  System UUID: {3493DD55-6B37-6A14-1B3C-78C9A910C6A7}
23:50:31.0079 0x9ae98  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:50:31.0874 0x9ae98  Drive \Device\Harddisk1\DR1 - Size: 0x0 ( 0.00 Gb ), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
23:50:31.0874 0x9ae98  ============================================================
23:50:31.0874 0x9ae98  \Device\Harddisk0\DR0:
23:50:31.0874 0x9ae98  MBR partitions:
23:50:31.0874 0x9ae98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x1DCF37DB
23:50:31.0874 0x9ae98  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F0F5C75, BlocksNum 0x2B76124C
23:50:31.0874 0x9ae98  ============================================================
23:50:31.0921 0x9ae98  C: <-> \Device\Harddisk0\DR0\Partition1
23:50:31.0983 0x9ae98  D: <-> \Device\Harddisk0\DR0\Partition2
23:50:32.0030 0x9ae98  ============================================================
23:50:32.0030 0x9ae98  Initialize success
23:50:32.0030 0x9ae98  ============================================================
23:51:04.0525 0x9b960  ============================================================
23:51:04.0525 0x9b960  Scan started
23:51:04.0525 0x9b960  Mode: Manual; 
23:51:04.0525 0x9b960  ============================================================
23:51:04.0525 0x9b960  KSN ping started
23:51:07.0294 0x9b960  KSN ping finished: true
23:51:08.0625 0x9b960  ================ Scan system memory ========================
23:51:08.0625 0x9b960  System memory - ok
23:51:18.0035 0x9b960  iaStorV - ok
23:51:18.0222 0x9b960  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:51:18.0253 0x9b960  idsvc - ok
23:51:18.0347 0x9b960  IEEtwCollectorService - ok
23:51:18.0690 0x9b960  [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:51:19.0002 0x9b960  igfx - ok
23:51:19.0064 0x9b960  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:51:19.0064 0x9b960  iirsp - ok
23:51:19.0142 0x9b960  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:51:19.0174 0x9b960  IKEEXT - ok
23:51:19.0205 0x9b960  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:51:19.0205 0x9b960  intelide - ok
23:51:19.0236 0x9b960  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:51:19.0236 0x9b960  intelppm - ok
23:51:19.0283 0x9b960  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:51:19.0298 0x9b960  IPBusEnum - ok
23:51:19.0314 0x9b960  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:51:19.0314 0x9b960  IpFilterDriver - ok
23:51:19.0361 0x9b960  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:51:19.0376 0x9b960  iphlpsvc - ok
23:51:19.0423 0x9b960  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:51:19.0423 0x9b960  IPMIDRV - ok
23:51:19.0454 0x9b960  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:51:19.0454 0x9b960  IPNAT - ok
23:51:19.0548 0x9b960  [ 7E4F8065367AE5BA387262D57B868DF5, 3D09A778748D30AFD37B23603CCC151B028D505FF3CB7763CE393F6CFAED3A9E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:51:19.0579 0x9b960  iPod Service - ok
23:51:19.0595 0x9b960  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:51:19.0595 0x9b960  IRENUM - ok
23:51:19.0610 0x9b960  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:51:19.0610 0x9b960  isapnp - ok
23:51:19.0642 0x9b960  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:51:19.0657 0x9b960  iScsiPrt - ok
23:51:19.0704 0x9b960  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:51:19.0704 0x9b960  kbdclass - ok
23:51:19.0720 0x9b960  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:51:19.0735 0x9b960  kbdhid - ok
23:51:19.0735 0x9b960  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
23:51:19.0751 0x9b960  KeyIso - ok
23:51:19.0782 0x9b960  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:51:19.0798 0x9b960  KSecDD - ok
23:51:19.0844 0x9b960  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:51:19.0844 0x9b960  KSecPkg - ok
23:51:19.0860 0x9b960  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:51:19.0860 0x9b960  ksthunk - ok
23:51:19.0907 0x9b960  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:51:19.0922 0x9b960  KtmRm - ok
23:51:19.0969 0x9b960  [ D0C5D0B072CD69C292719F17B0E2EB49, 539F75F60E3D23AA1CF19B8247604B4924257C901EFD33987BA19491C6DA0311 ] L1c             C:\Windows\system32\DRIVERS\l1c51x64.sys
23:51:19.0985 0x9b960  L1c - ok
23:51:20.0047 0x9b960  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:51:20.0047 0x9b960  LanmanServer - ok
23:51:20.0110 0x9b960  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:51:20.0110 0x9b960  LanmanWorkstation - ok
23:51:20.0125 0x9b960  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:51:20.0125 0x9b960  lltdio - ok
23:51:20.0172 0x9b960  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:51:20.0188 0x9b960  lltdsvc - ok
23:51:20.0203 0x9b960  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:51:20.0203 0x9b960  lmhosts - ok
23:51:20.0297 0x9b960  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:51:20.0344 0x9b960  LSI_FC - ok
23:51:20.0359 0x9b960  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:51:20.0375 0x9b960  LSI_SAS - ok
23:51:20.0390 0x9b960  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:51:20.0390 0x9b960  LSI_SAS2 - ok
23:51:20.0422 0x9b960  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:51:20.0422 0x9b960  LSI_SCSI - ok
23:51:20.0484 0x9b960  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:51:20.0484 0x9b960  luafv - ok
23:51:20.0531 0x9b960  [ EF586B959F747E74C76603FF16AE417B, 751AAB31D7B5542C06F1E9145AC2DCB073EAF7FE5FDE100ED404564D21317417 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
23:51:20.0546 0x9b960  LVRS64 - ok
23:51:20.0671 0x9b960  [ EDF73BFA1BD24D74D1D64DC0ED28A7CD, BD8D9D15C83EF1C9467A137764E128D80CFE58A2B728CDB57CB272D426702318 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
23:51:20.0765 0x9b960  LVUVC64 - ok
23:51:20.0812 0x9b960  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:51:20.0812 0x9b960  Mcx2Svc - ok
23:51:20.0905 0x9b960  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:51:20.0921 0x9b960  MDM - ok
23:51:20.0952 0x9b960  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:51:20.0952 0x9b960  megasas - ok
23:51:20.0983 0x9b960  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:51:20.0999 0x9b960  MegaSR - ok
23:51:21.0030 0x9b960  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:51:21.0030 0x9b960  MMCSS - ok
23:51:21.0046 0x9b960  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:51:21.0061 0x9b960  Modem - ok
23:51:21.0077 0x9b960  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:51:21.0077 0x9b960  monitor - ok
23:51:21.0108 0x9b960  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:51:21.0108 0x9b960  mouclass - ok
23:51:21.0108 0x9b960  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:51:21.0108 0x9b960  mouhid - ok
23:51:21.0124 0x9b960  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:51:21.0139 0x9b960  mountmgr - ok
23:51:21.0202 0x9b960  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
23:51:21.0217 0x9b960  MpFilter - ok
23:51:21.0248 0x9b960  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:51:21.0248 0x9b960  mpio - ok
23:51:21.0295 0x9b960  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:51:21.0295 0x9b960  mpsdrv - ok
23:51:21.0358 0x9b960  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:51:21.0373 0x9b960  MpsSvc - ok
23:51:21.0420 0x9b960  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:51:21.0420 0x9b960  MRxDAV - ok
23:51:21.0482 0x9b960  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:51:21.0482 0x9b960  mrxsmb - ok
23:51:21.0529 0x9b960  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:51:21.0545 0x9b960  mrxsmb10 - ok
23:51:21.0560 0x9b960  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:51:21.0560 0x9b960  mrxsmb20 - ok
23:51:21.0607 0x9b960  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:51:21.0607 0x9b960  msahci - ok
23:51:21.0638 0x9b960  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:51:21.0654 0x9b960  msdsm - ok
23:51:21.0716 0x9b960  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:51:21.0732 0x9b960  MSDTC - ok
23:51:21.0763 0x9b960  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:51:21.0794 0x9b960  Msfs - ok
23:51:21.0810 0x9b960  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:51:21.0841 0x9b960  mshidkmdf - ok
23:51:21.0872 0x9b960  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:51:21.0888 0x9b960  msisadrv - ok
23:51:21.0950 0x9b960  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:51:21.0982 0x9b960  MSiSCSI - ok
23:51:21.0982 0x9b960  msiserver - ok
23:51:22.0044 0x9b960  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:51:22.0044 0x9b960  MSKSSRV - ok
23:51:22.0184 0x9b960  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:51:22.0184 0x9b960  MsMpSvc - ok
23:51:22.0216 0x9b960  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:51:22.0216 0x9b960  MSPCLOCK - ok
23:51:22.0247 0x9b960  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:51:22.0247 0x9b960  MSPQM - ok
23:51:22.0278 0x9b960  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:51:22.0294 0x9b960  MsRPC - ok
23:51:22.0309 0x9b960  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:51:22.0309 0x9b960  mssmbios - ok
23:51:22.0356 0x9b960  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:51:22.0372 0x9b960  MSTEE - ok
23:51:22.0403 0x9b960  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:51:22.0418 0x9b960  MTConfig - ok
23:51:22.0434 0x9b960  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:51:22.0434 0x9b960  Mup - ok
23:51:22.0559 0x9b960  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:51:22.0590 0x9b960  napagent - ok
23:51:22.0668 0x9b960  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:51:22.0684 0x9b960  NativeWifiP - ok
23:51:22.0746 0x9b960  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:51:22.0762 0x9b960  NDIS - ok
23:51:22.0793 0x9b960  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:51:22.0793 0x9b960  NdisCap - ok
23:51:22.0808 0x9b960  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:51:22.0808 0x9b960  NdisTapi - ok
23:51:22.0824 0x9b960  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:51:22.0824 0x9b960  Ndisuio - ok
23:51:22.0840 0x9b960  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:51:22.0840 0x9b960  NdisWan - ok
23:51:22.0855 0x9b960  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:51:22.0855 0x9b960  NDProxy - ok
23:51:22.0902 0x9b960  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:51:22.0902 0x9b960  NetBIOS - ok
23:51:22.0933 0x9b960  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:51:22.0949 0x9b960  NetBT - ok
23:51:22.0964 0x9b960  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
23:51:22.0964 0x9b960  Netlogon - ok
23:51:23.0011 0x9b960  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:51:23.0027 0x9b960  Netman - ok
23:51:23.0074 0x9b960  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:51:23.0089 0x9b960  NetMsmqActivator - ok
23:51:23.0089 0x9b960  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:51:23.0105 0x9b960  NetPipeActivator - ok
23:51:23.0136 0x9b960  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:51:23.0152 0x9b960  netprofm - ok
23:51:23.0245 0x9b960  [ 91C1AF448975764538F3B5CF9526CC3C, 10777763F1E97818A0354331A87A0543764675FD510C3BFA767DCEC47F21D023 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
23:51:23.0261 0x9b960  netr28ux - ok
23:51:23.0323 0x9b960  [ 44D4BD55191624C82A2745296BA42814, 03F1EECBF8F7AEABBB52E9AD41395B4984983D903ECC6BA499E884B15C034CF9 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
23:51:23.0339 0x9b960  netr28x - ok
23:51:23.0339 0x9b960  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:51:23.0354 0x9b960  NetTcpActivator - ok
23:51:23.0354 0x9b960  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:51:23.0354 0x9b960  NetTcpPortSharing - ok
23:51:23.0386 0x9b960  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:51:23.0386 0x9b960  nfrd960 - ok
23:51:23.0464 0x9b960  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:51:23.0464 0x9b960  NisDrv - ok
23:51:23.0479 0x9b960  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
23:51:23.0495 0x9b960  NisSrv - ok
23:51:23.0510 0x9b960  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:51:23.0510 0x9b960  NlaSvc - ok
23:51:23.0573 0x9b960  [ C31FA031335EFF434B2D94278E74BCCE, F5DFD40C16E4013CBAD0E4FB8EF2B4419702B9C215218F69C4A2DD7C4C4C1E2B ] NPF             C:\Windows\system32\DRIVERS\npf.sys
23:51:23.0573 0x9b960  NPF - ok
23:51:23.0588 0x9b960  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:51:23.0604 0x9b960  Npfs - ok
23:51:23.0635 0x9b960  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:51:23.0635 0x9b960  nsi - ok
23:51:23.0651 0x9b960  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:51:23.0651 0x9b960  nsiproxy - ok
23:51:23.0776 0x9b960  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:51:23.0807 0x9b960  Ntfs - ok
23:51:23.0838 0x9b960  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:51:23.0838 0x9b960  Null - ok
23:51:23.0885 0x9b960  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:51:23.0900 0x9b960  nvraid - ok
23:51:23.0932 0x9b960  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:51:23.0932 0x9b960  nvstor - ok
23:51:23.0947 0x9b960  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:51:23.0947 0x9b960  nv_agp - ok
23:51:23.0963 0x9b960  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:51:23.0963 0x9b960  ohci1394 - ok
23:51:24.0010 0x9b960  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:51:24.0010 0x9b960  ose - ok
23:51:24.0072 0x9b960  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:51:24.0072 0x9b960  p2pimsvc - ok
23:51:24.0103 0x9b960  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:51:24.0119 0x9b960  p2psvc - ok
23:51:24.0166 0x9b960  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:51:24.0166 0x9b960  Parport - ok
23:51:24.0212 0x9b960  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:51:24.0228 0x9b960  partmgr - ok
23:51:24.0244 0x9b960  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:51:24.0244 0x9b960  PcaSvc - ok
23:51:24.0259 0x9b960  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:51:24.0259 0x9b960  pci - ok
23:51:24.0306 0x9b960  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:51:24.0306 0x9b960  pciide - ok
23:51:24.0322 0x9b960  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:51:24.0337 0x9b960  pcmcia - ok
23:51:24.0353 0x9b960  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:51:24.0353 0x9b960  pcw - ok
23:51:24.0384 0x9b960  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:51:24.0400 0x9b960  PEAUTH - ok
23:51:24.0493 0x9b960  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:51:24.0493 0x9b960  PerfHost - ok
23:51:24.0602 0x9b960  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:51:24.0634 0x9b960  pla - ok
23:51:24.0712 0x9b960  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:51:24.0727 0x9b960  PlugPlay - ok
23:51:24.0743 0x9b960  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:51:24.0743 0x9b960  PNRPAutoReg - ok
23:51:24.0758 0x9b960  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:51:24.0758 0x9b960  PNRPsvc - ok
23:51:24.0821 0x9b960  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:51:24.0821 0x9b960  PolicyAgent - ok
23:51:24.0868 0x9b960  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:51:24.0883 0x9b960  Power - ok
23:51:24.0930 0x9b960  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:51:24.0946 0x9b960  PptpMiniport - ok
23:51:24.0961 0x9b960  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
23:51:24.0961 0x9b960  Processor - ok
23:51:25.0008 0x9b960  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:51:25.0008 0x9b960  ProfSvc - ok
23:51:25.0024 0x9b960  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:51:25.0024 0x9b960  ProtectedStorage - ok
23:51:25.0039 0x9b960  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:51:25.0039 0x9b960  Psched - ok
23:51:25.0117 0x9b960  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:51:25.0148 0x9b960  ql2300 - ok
23:51:25.0180 0x9b960  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:51:25.0180 0x9b960  ql40xx - ok
23:51:36.0786 0x9b960  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
23:51:36.0802 0x9b960  APSDaemon - ok
23:51:36.0895 0x9b960  [ 6E3245DF783E58375B3465F03274743E, E253CE5B347470CC7D2623F2B16D19C3EAC22637BAAF9B18AD50F0FA7BBBA4A1 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:51:36.0895 0x9b960  SunJavaUpdateSched - ok
23:51:36.0989 0x9b960  [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:51:37.0410 0x9b960  Adobe ARM - ok
23:51:37.0488 0x9b960  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe
23:51:37.0504 0x9b960  QuickTime Task - ok
23:51:37.0566 0x9b960  [ B4E6C1B28AF8806008CB654C716ABAFA, A42929D47D6D77D0A4B2BDAB61F11B2D5CAB0DE1AECEF29AE37BBF47E076BDB5 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
23:51:37.0582 0x9b960  iTunesHelper - ok
23:51:37.0644 0x9b960  [ 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, 4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
23:51:37.0644 0x9b960  iCloudServices - ok
23:51:37.0660 0x9b960  [ 799BCC829F48F19C5689478179060435, 495C6E363982F7BE1785A46C12ED4AC99E0AF98F340F1CE3C55D39EBE6FE33AA ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
23:51:37.0675 0x9b960  ApplePhotoStreams - ok
23:51:37.0753 0x9b960  [ EF781AFBC36024FDB024D67ED8EFB44A, FC91AB3C391695456B5849987E73DCF1CFBD1B31675B25E5B01D3865270A8CFB ] C:\Program Files (x86)\Backblaze\bzbui.exe
23:51:38.0674 0x9b960  Backblaze - ok
23:51:38.0861 0x9b960  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\melanie\AppData\Local\Google\Update\GoogleUpdate.exe
23:51:38.0861 0x9b960  Google Update - ok
23:51:39.0001 0x9b960  [ 48F1D2E3ED4ECCD3A960473E4AAEA56B, AF77D3CBB8B2F39A2864F361B5CF9937216D298F881E1286D05FF3735834349C ] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
23:51:39.0719 0x9b960  Medialink Utilty - ok
23:51:39.0812 0x9b960  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
23:51:39.0812 0x9b960  swg - ok
23:51:39.0812 0x9b960  otvsnsuk - ok
23:51:39.0859 0x9b960  Dyqyiwziakekdo - ok
23:51:40.0156 0x9b960  [ 5F3587E344F2990B59C941FB405CAA0F, FECEC63F515EF66FAD84FF589E95B931574CA1F6BDFC9D6E016B0604AFF18498 ] C:\Users\melanie\AppData\Local\Google\Chrome\Application\chrome.exe
23:51:40.0171 0x9b960  GoogleChromeAutoLaunch_47D311E3667CDC710B0EB1DFB03F44B5 - ok
23:51:40.0187 0x9b960  Iciltiwyecwuofy - ok
23:51:40.0187 0x9b960  GoogleUpdate - ok
23:51:40.0202 0x9b960  Adobe Speed Launcher - ok
23:51:40.0343 0x9b960  [ 7999235AE6A9F0FE1C007203F03A4618, D552A169E7E5EC43B675120F11E6A1790902C4068FAAFC2DE81DDB5FA50F18E8 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
23:51:40.0374 0x9b960  FlashPlayerUpdate - ok
23:51:40.0374 0x9b960  Waiting for KSN requests completion. In queue: 61
23:51:41.0388 0x9b960  Waiting for KSN requests completion. In queue: 61
23:51:42.0402 0x9b960  Waiting for KSN requests completion. In queue: 61
23:51:44.0430 0x9b960  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
23:51:44.0555 0x9b960  Win FW state via NFP2: enabled
23:51:47.0285 0x9b960  ============================================================
23:51:47.0285 0x9b960  Scan finished
23:51:47.0285 0x9b960  ============================================================
23:51:47.0301 0x9211c  Detected object count: 0
23:51:47.0301 0x9211c  Actual detected object count: 0


#4 Mtex


Posted 05 January 2015 - 09:16 PM

Hi There,
I'm sorry if it isn't proper protocol to reply again but is there something else I should be doing? I have tried the above scan several times with the same result although my original problem still persists.
Thank you again,
Melanie

#5 Broni


Posted 05 January 2015 - 09:27 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create a new reply. I'll not get any email notifications about edits, so I won't know you posted something new.




 


#6 Mtex


Posted 07 January 2015 - 11:17 PM

Results of screen317's Security Check version 0.99.93 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Microsoft Security Essentials  

 Antivirus up to date! 

`````````Anti-malware/Other Utilities Check:`````````

 Java™ 6 Update 29 

 Java version 32-bit out of Date!

 Adobe Reader XI 

 Google Chrome (39.0.2171.71)

 Google Chrome (39.0.2171.95)

 Google Chrome (plugins...)

````````Process Check: objlist.exe by Laurent```````` 

 Microsoft Security Essentials MSMpEng.exe

 Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

 

 

Farbar Service Scanner Version: 21-07-2014

Ran by melanie (administrator) on 06-01-2015 at 19:08:55

Running from "C:\Users\melanie\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

MiniToolBox by Farbar  Version: 30-11-2014

Ran by melanie (administrator) on 06-01-2015 at 19:12:33

Running from "C:\Users\melanie\Downloads"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

========================= Hosts content: =================================

 

127.0.0.1       localhost

 

========================= IP Configuration: ================================

 

802.11n Wireless LAN Card = Wireless Network Connection (Connected)

NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wireless Network Connection 3 (Connected)

Atheros AR8151 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : melanie-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : att.net

 

Wireless LAN adapter Wireless Network Connection 3:

 

   Connection-specific DNS Suffix  . : att.net

   Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter

   Physical Address. . . . . . . . . : 08-BD-43-92-FD-BC

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Temporary IPv6 Address. . . . . . : 2602:306:ccff:4b0:4d7d:f9af:2792:8517(Deprecated)

   IPv6 Address. . . . . . . . . . . : 2602:306:ccff:4b0:a4d8:bb57:6e9c:a4d(Deprecated)

   Link-local IPv6 Address . . . . . : fe80::a4d8:bb57:6e9c:a4d%14(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.230(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Monday, January 05, 2015 8:18:26 PM

   Lease Expires . . . . . . . . . . : Wednesday, January 07, 2015 10:05:32 AM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 285785411

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-63-14-BC-1C-6F-65-7D-3D-75

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . : att.net

   Description . . . . . . . . . . . : 802.11n Wireless LAN Card

   Physical Address. . . . . . . . . : 00-25-D3-14-50-48

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2602:306:ccff:4b0:258f:b0a5:6023:9771(Preferred)

   Temporary IPv6 Address. . . . . . : 2602:306:ccff:4b0:c35:5fe7:a45e:3785(Preferred)

   Link-local IPv6 Address . . . . . : fe80::258f:b0a5:6023:9771%13(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.239(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Tuesday, January 06, 2015 6:37:44 PM

   Lease Expires . . . . . . . . . . : Wednesday, January 07, 2015 6:37:43 PM

   Default Gateway . . . . . . . . . : fe80::3a6b:bbff:fe26:c370%13

                                       192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 369108435

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-63-14-BC-1C-6F-65-7D-3D-75

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : gateway.2wire.net

   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller

   Physical Address. . . . . . . . . : 1C-6F-65-7D-3D-75

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.att.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : att.net

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.gateway.2wire.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

DNS request timed out.

    timeout was 2 seconds.

Server:  UnKnown

Address:  192.168.1.254

 

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.

    timeout was 2 seconds.

Server:  UnKnown

Address:  192.168.1.254

 

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

Ping request could not find host yahoo.com. Please check the name and try again.

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 14...08 bd 43 92 fd bc ......NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter

 13...00 25 d3 14 50 48 ......802.11n Wireless LAN Card

 11...1c 6f 65 7d 3d 75 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller

  1...........................Software Loopback Interface 1

 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.230     25

          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.239     40

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link     192.168.1.230    281

      192.168.1.0    255.255.255.0         On-link     192.168.1.239    296

    192.168.1.230  255.255.255.255         On-link     192.168.1.230    281

    192.168.1.239  255.255.255.255         On-link     192.168.1.239    296

    192.168.1.255  255.255.255.255         On-link     192.168.1.230    281

    192.168.1.255  255.255.255.255         On-link     192.168.1.239    296

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.239    296

        224.0.0.0        240.0.0.0         On-link     192.168.1.230    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.239    296

  255.255.255.255  255.255.255.255         On-link     192.168.1.230    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 13    296 ::/0                     fe80::3a6b:bbff:fe26:c370

  1    306 ::1/128                  On-link

 14     33 2602:306:ccff:4b0::/64   On-link

 13     48 2602:306:ccff:4b0::/64   On-link

 13    296 2602:306:ccff:4b0:c35:5fe7:a45e:3785/128

                                    On-link

 13    296 2602:306:ccff:4b0:258f:b0a5:6023:9771/128

                                    On-link

 14    281 2602:306:ccff:4b0:4d7d:f9af:2792:8517/128

                                    On-link

 14    281 2602:306:ccff:4b0:a4d8:bb57:6e9c:a4d/128

                                    On-link

 13    296 fe80::/64                On-link

 14    281 fe80::/64                On-link

 13    296 fe80::258f:b0a5:6023:9771/128

                                    On-link

 14    281 fe80::a4d8:bb57:6e9c:a4d/128

                                    On-link

  1    306 ff00::/8                 On-link

 13    296 ff00::/8                 On-link

 14    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)

x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (01/05/2015 04:35:00 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c

Exception code: 0xc0000005

Fault offset: 0x0000000000171ff2

Faulting process id: 0x97998

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (01/05/2015 00:21:50 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0000000000010f00

Faulting process id: 0x806a0

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (01/04/2015 09:37:28 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c

Exception code: 0xc0000005

Fault offset: 0x0000000000171ff2

Faulting process id: 0x84c2c

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (01/03/2015 02:05:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

.

 

Error: (01/03/2015 06:53:46 AM) (Source: Microsoft-Windows-Defrag) (User: )

Description: The volume My Passport (F:) was not defragmented because an error was encountered: The system cannot find the file specified. (0x80070002)

 

Error: (01/03/2015 05:26:54 AM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f

Exception code: 0xc0000005

Fault offset: 0x0000000000001281

Faulting process id: 0x177d0

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (01/03/2015 02:20:15 AM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c

Exception code: 0xc0000005

Fault offset: 0x000000000000dd5e

Faulting process id: 0x2c4c8

Faulting application start time: 0xsvchost.exe0

Faulting application path: svchost.exe1

Faulting module path: svchost.exe2

Report Id: svchost.exe3

 

Error: (01/03/2015 00:06:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

.

 

Error: (01/02/2015 00:41:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

.

 

Error: (01/01/2015 00:00:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

.

 

 

System errors:

=============

Error: (01/06/2015 02:20:12 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1591.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (01/05/2015 02:15:48 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1492.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (01/05/2015 03:01:20 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1492.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (01/04/2015 04:26:07 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (01/04/2015 04:26:06 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: The following fatal alert was received: 20.

 

Error: (01/03/2015 03:04:34 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (01/03/2015 03:01:28 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1326.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (01/03/2015 00:41:14 AM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (01/02/2015 02:06:55 PM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1326.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

Error: (01/02/2015 02:58:40 AM) (Source: Microsoft Antimalware) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

            New Signature Version:

 

            Previous Signature Version: 1.191.1326.0

 

            Update Source: %NT AUTHORITY59

 

            Update Stage: 4.6.0305.00

 

            Source Path: 4.6.0305.01

 

            Signature Type: %NT AUTHORITY602

 

            Update Type: %NT AUTHORITY604

 

            User: NT AUTHORITY\SYSTEM

 

            Current Engine Version: %NT AUTHORITY605

 

            Previous Engine Version: %NT AUTHORITY606

 

            Error code: %NT AUTHORITY607

 

            Error description: %NT AUTHORITY608

 

 

Microsoft Office Sessions:

=========================

Error: (01/05/2015 04:35:00 PM) (Source: Application Error)(User: )

Description: svchost.exe6.1.7600.163854a5bc3c1ole32.dll6.1.7601.175144ce7c92cc00000050000000000171ff29799801d02914f024e568C:\Windows\system32\svchost.exeC:\Windows\system32\ole32.dll11a8b163-952b-11e4-81af-1c6f657d3d75

 

Error: (01/05/2015 00:21:50 PM) (Source: Application Error)(User: )

Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000000010f00806a001d02899051408d0C:\Windows\system32\svchost.exeunknownb6ee8fde-9507-11e4-81af-1c6f657d3d75

 

Error: (01/04/2015 09:37:28 PM) (Source: Application Error)(User: )

Description: svchost.exe6.1.7600.163854a5bc3c1ole32.dll6.1.7601.175144ce7c92cc00000050000000000171ff284c2c01d02749588dbc1fC:\Windows\system32\svchost.exeC:\Windows\system32\ole32.dll2b74b456-948c-11e4-81af-1c6f657d3d75

 

Error: (01/03/2015 02:05:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

 

Error: (01/03/2015 06:53:46 AM) (Source: Microsoft-Windows-Defrag)(User: )

Description: My Passport (F:)The system cannot find the file specified. (0x80070002)

 

Error: (01/03/2015 05:26:54 AM) (Source: Application Error)(User: )

Description: svchost.exe6.1.7600.163854a5bc3c1msvcrt.dll7.0.7601.177444eeb033fc00000050000000000001281177d001d0272ec87e0b71C:\Windows\system32\svchost.exeC:\Windows\system32\msvcrt.dll6aacb770-933b-11e4-81af-1c6f657d3d75

 

Error: (01/03/2015 02:20:15 AM) (Source: Application Error)(User: )

Description: svchost.exe6.1.7600.163854a5bc3c1ole32.dll6.1.7601.175144ce7c92cc0000005000000000000dd5e2c4c801d026a04b0627c1C:\Windows\system32\svchost.exeC:\Windows\system32\ole32.dll57f5ad20-9321-11e4-81af-1c6f657d3d75

 

Error: (01/03/2015 00:06:26 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

 

Error: (01/02/2015 00:41:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

 

Error: (01/01/2015 00:00:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsla1ca6fc2.

 

System Error:

The system cannot find the file specified.

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-07-17 21:45:34.719

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\myapp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-07-17 21:45:34.688

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\myapp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

 

=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )

Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden

Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)

Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)

Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BookSmart® 3.0.4 3.0.4 (HKLM-x32\...\BookSmart® 3.0.4 3.0.4) (Version:  - Blurb, Inc)

calibre (HKLM-x32\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)

CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)

Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Coupon Companion (HKLM-x32\...\Coupon Companion) (Version: 1.24.151.151 - 215 Apps)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)

Cricut Design Space (HKLM-x32\...\Cricut Design Space 1.000) (Version: 1.000 - Provo Craft & Novelty, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dave's Uploader (32-bit) 2.3.11.176 (HKLM-x32\...\0802-4480-7100-7624) (Version: 2.3.11.176 - Let Dave Do It!)

DVD Photo Slideshow Professional 8.07 (HKLM-x32\...\DVD Photo Slideshow Professional_is1) (Version:  - dvd-photo-slideshow.com)

FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )

FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )

Google Chrome (HKCU\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )

HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version:  - )

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)

iPhone Folders (HKLM-x32\...\{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}) (Version: 1.0.32 - Redart)

iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)

Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)

LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)

Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)

NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)

OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

ProDPI ROES (HKCU\...\ProDPI ROES) (Version:  - Digital Precision Imaging)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.0.0.4 - Shutterfly, Inc.)

Shutterfly Express Uploader (x32 Version: 1.0.0 - Shutterfly, Inc.) Hidden

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 76%

Total physical RAM: 4060.49 MB

Available physical RAM: 958.31 MB

Total Pagefile: 8119.16 MB

Available Pagefile: 5000.48 MB

Total Virtual: 4095.88 MB

Available Virtual: 3980.32 MB

 

========================= Partitions: =====================================

 

1 Drive c: (WIN7) (Fixed) (Total:238.48 GB) (Free:0.3 GB) NTFS

2 Drive d: (DATA) (Fixed) (Total:347.69 GB) (Free:15.65 GB) NTFS

4 Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1339.58 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\MELANIE-PC

 

Administrator            Guest                    melanie                 

 

========================= Restore Points ==================================

 

 

**** End of log ****



#7 Mtex

Posted 07 January 2015 - 11:18 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/6/2015
Scan Time: 7:39:17 PM
Logfile: mbam scan log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.07.01
Rootkit Database: v2015.01.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: melanie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384632
Time Elapsed: 39 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 40
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [d9b402f221680432109c2bf00300b947], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [d9b402f221680432109c2bf00300b947], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [7815678da8e194a2f4916bb135ce4ab6], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [7815678da8e194a2f4916bb135ce4ab6], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [8ffe62924b3ec076cf7141a13ac89c64], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440044444493}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055445593}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066446693}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055445593}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066446693}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440044444493}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.BHO.1, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.BHO, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.BHO, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.BHO.1, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011441193}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220022442293}, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.Sandbox.1, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0004493.Sandbox, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.Sandbox, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0004493.Sandbox.1, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Coupon Companion, Quarantined, [b4d97f752762b97d7e663462b64bf50b], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [5b32a74da4e560d603e97a135ba82fd1], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\klibnahbojhkanfgaglnlalfkgpcppfi, Quarantined, [a7e6e0144346e3533e740374659e0df3], 
PUP.Optional.CouponCompanion.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pbkdpahkifcigckmhiafindmaflfifgm, Quarantined, [b0ddca2a5930e2547361375f08fbb749], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [7f0e738186036fc74101e8d8857f0af6], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [f697e60e0584162080c1764a57ad59a7], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [b9d45b99ec9d6acc22bb105c43c03fc1], 
PUP.Optional.CouponCompanion.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Companion, Quarantined, [424b2ec69fea2f072ccb9af77c87d22e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [0a830de74f3a73c3048f458ffe069c64], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [a9e4bb396c1dc2741069f07d72918b75], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Redir, Quarantined, [8805da1aeb9e33033014675af90b6799], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [6c2116ded8b1979f0c393e837b8913ed], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CR_INSTALLER\4493, Quarantined, [8c019d572f5abb7be6759d0907fc21df], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\klibnahbojhkanfgaglnlalfkgpcppfi, Quarantined, [325bda1a87026dc953605e195fa4f40c], 
 
Registry Values: 1
Trojan.Agent.IGen, HKU\S-1-5-21-553195164-191815573-1438906789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleUpdate, C:\Users\melanie\AppData\Roaming\GoogleUpdate.exe, Quarantined, [2f5e21d395f4e650670a2c2764a033cd]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.CouponCompanion.A, C:\Users\melanie\AppData\Local\Coupon Companion, Quarantined, [ade02fc5cdbca1957b427dc1d033dc24], 
PUP.Optional.CouponCompanion.A, C:\Users\melanie\AppData\Local\Coupon Companion\Chrome, Quarantined, [ade02fc5cdbca1957b427dc1d033dc24], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion, Quarantined, [098411e3b2d794a2ba04c17d4db6827e], 
 
Files: 69
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon Companion-bg.exe, Quarantined, [682512e2682143f329bb9ff7db26c739], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll, Quarantined, [a3ea12e295f470c6a440534330d1f20e], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon Companion.exe, Quarantined, [5d30579d06836ec89054bed8a25f39c7], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Uninstall.exe, Quarantined, [b4d97f752762b97d7e663462b64bf50b], 
Trojan.MSIL.Injector.NEP, C:\Windows\System32\trfnowp.dll, Quarantined, [2a631cd8f495340211bf3fa7f50c718f], 
Trojan.FakeGoog, C:\Users\melanie\AppData\Local\Temp\52FA.tmp, Quarantined, [4746ef05fb8e9d99a89d482b5ea7619f], 
Trojan.FakeGoog, C:\Users\melanie\AppData\Local\Temp\5DD8.tmp, Quarantined, [8508e212b7d2f34390b5116229dcb54b], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\dlLogic.exe, Quarantined, [3657c82cf099c6704d8bae7923debe42], 
PUP.Optional.InstallCore.A, C:\Users\melanie\AppData\Local\Temp\ICReinstall_CamStudio_Setup.exe, Quarantined, [cdc0f5ff2e5bb97da94457db13ee6799], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ToolbarHelper.exe, Quarantined, [48457282840572c4a0029b838e72bc44], 
PUP.Optional.Amonetize.A, C:\Users\melanie\AppData\Local\Temp\UpdUninstall.exe, Quarantined, [a4e9bc38385156e0cd1ea89132cfe21e], 
PUP.Optional.Babylon.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\BExternal.dll, Quarantined, [d4b900f492f73105044d60c3669a18e8], 
PUP.Optional.BabSolution.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\BUSolution.dll, Quarantined, [afde569e8702ef475fc8cd603ec3ff01], 
PUP.Optional.Babylon.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\CrxInstaller.dll, Quarantined, [3b52fafa9ced2f07c5169a9f24ddd42c], 
PUP.Optional.Delta.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\enhancedNT.dll, Quarantined, [157800f45336092d72d1e15250b1b54b], 
PUP.Optional.Babylon.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\MntrDLLInstall.dll, Quarantined, [236a52a2bdcc74c29943ca6fde236e92], 
PUP.Optional.Delta.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\MyDeltaTB.exe, Quarantined, [0f7ec331becbbf77f128a8e9c839b848], 
PUP.Optional.Babylon.A, C:\Users\melanie\AppData\Local\Temp\691E3EB9-BAB0-7891-881A-4B011CCEC6AF\Latest\Setup.exe, Quarantined, [93fa29cba8e14fe7f3046fb250b0c838], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ct3289847\chlogic.exe, Quarantined, [404d14e0fb8e61d5084847f606fb3bc5], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ct3289847\ctbe.exe, Quarantined, [305d658f018885b16a8eae7044bc12ee], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ct3289847\ielogic.exe, Quarantined, [1e6fec082d5c82b4430d55e822df7987], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ct3289847\statisticsStub.exe, Quarantined, [d8b530c44346ef475a7c3dea8081916f], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Temp\ct3289847\plugins\TBVerifier.dll, Quarantined, [c0cd0be910795dd9f41ad66db0507090], 
PUP.Optional.Babylon.A, C:\Users\melanie\AppData\Local\Temp\is1615585457\DeltaTB.exe, Quarantined, [dcb1db19d0b95dd9654ea383d42df010], 
PUP.Optional.WebConnect.A, C:\Users\melanie\AppData\Local\Temp\is1615585457\WebConnect.exe, Quarantined, [3a536292b8d153e37ce95fd3c44151af], 
PUP.Optional.PCOptimizerPro, C:\Windows\temp\Optimizer_Pro.exe, Quarantined, [c6c780747910f541268e1417dc25e31d], 
PUP.Optional.InstallIQ, C:\Users\melanie\Downloads\audacity_app_d153998.exe, Quarantined, [167736bebacfd85e70d150ebf40d5fa1], 
PUP.Optional.InstallCore.A, C:\Users\melanie\Downloads\CamStudio_Setup.exe, Quarantined, [54398b699beefd39effea38f4cb50cf4], 
PUP.Optional.MultiPlug.A, C:\Users\melanie\Downloads\Download.exe, Quarantined, [cfbe10e4a1e832041580d431ae547a86], 
PUP.Optional.4Shared, C:\Users\melanie\Downloads\lightsaber vday printout3.exe, Quarantined, [177622d2f099a096fad6e737956b956b], 
PUP.Optional.Conduit, C:\Users\melanie\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx, Quarantined, [e0ad8e663c4d9e988153a5db55aedb25], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage, Quarantined, [37569b59bbce082e215521723ec522de], 
PUP.Optional.Conduit.A, C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal, Quarantined, [f8957282563342f4f5817f14de25d927], 
PUP.Optional.Wajam.A, C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, Quarantined, [c9c4af45cebb7cba78d3afe5a45f37c9], 
PUP.Optional.Wajam.A, C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, Quarantined, [5a33d91b4a3fe551f259088c06fdab55], 
PUP.Optional.BrowserDefender.A, C:\Users\melanie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, Quarantined, [56372cc828616fc7ace1edd615efe61a], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\1.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\a.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\b.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\c.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\d.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\e.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\f.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\g.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\h.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\i.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\j.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\k.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\l.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\m.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\n.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\o.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\p.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\q.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\r.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\s.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\t.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\u.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\v.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\w.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\wlu.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\x.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\y.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.PriceGong.A, C:\Users\melanie\AppData\LocalLow\PriceGong\Data\z.txt, Quarantined, [c9c4f9fba2e7ff372ad5a78b778cbd43], 
PUP.Optional.CouponCompanion.A, C:\Users\melanie\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx, Quarantined, [ade02fc5cdbca1957b427dc1d033dc24], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\ButtonUtil.dll, Quarantined, [098411e3b2d794a2ba04c17d4db6827e], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon Companion.ico, Quarantined, [098411e3b2d794a2ba04c17d4db6827e], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon Companion.ini, Quarantined, [098411e3b2d794a2ba04c17d4db6827e], 
PUP.Optional.CouponCompanion.A, C:\Program Files (x86)\Coupon Companion\Coupon CompanionInstaller.log, Quarantined, [098411e3b2d794a2ba04c17d4db6827e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 Mtex


Posted 07 January 2015 - 11:20 PM

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
 
Database version: v2015.01.07.21
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
melanie :: MELANIE-PC [administrator]
 
1/7/2015 7:53:56 PM
mbar-log-2015-01-07 (19-53-56).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 383229
Time elapsed: 31 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [5948e80c7a0fe155d09e4eb460a0718f]
HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [772a27cd93f640f66ab036cb926e14ec]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\melanie\AppData\Local\Temp\smiteqf\sqctyri\wow.dll) Good: (SHELL32.dll) -> Replace on reboot. [ffa29460c7c21323adc3bfcd8f76659b]
 
Folders Detected: 3
C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca\U (Trojan.Siredef.C) -> Delete on reboot. [119011e3ec9d74c28d807d8436ca7d83]
C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca\L (Trojan.Siredef.C) -> Delete on reboot. [3a673fb57415b581ab64a958ab55be42]
C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca (Trojan.Siredef.C) -> Delete on reboot. [7130a3512366db5b5eb2de23fc0432ce]
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17501
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.599000 GHz
Memory total: 4257734656, free: 1937080320
 
Downloaded database version: v2015.01.07.21
Downloaded database version: v2015.01.07.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     01/07/2015 19:53:42
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048fa130
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80044d4060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048fa130, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048fbb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048fa130, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80044da520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044d4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 26C81D72
 
Partition information:
 
    Partition 0 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 20980827
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 20980890  Numsec = 500119515
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 521100405  Numsec = 729158220
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Done!
Infected file C:\Users\melanie\AppData\Local\Temp\is1615585457\wajam_validate.exe could not be remediated because backup file is not available
Infected: HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Infected: HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca\U --> [Trojan.Siredef.C]
Infected: C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca\L --> [Trojan.Siredef.C]
Infected: C:\$RECYCLE.BIN\S-1-5-21-553195164-191815573-1438906789-1000\$e034b03c526420dc1ab52cd7d7257cca --> [Trojan.Siredef.C]
Infected: HKU\S-1-5-21-553195164-191815573-1438906789-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/07/2015 08:41:54 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/07/2015 08:58:23 PM
Execution time: 0 hours(s), 16 minute(s), and 28 seconds(s)


#9 Broni


Posted 08 January 2015 - 12:09 AM

You're infected with the ZeroAccess rootkit on top of Poweliks.

It'll require elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

