Definitely Infected...


  • This topic is locked
11 replies to this topic

#1 BWyant


Posted 10 January 2015 - 06:45 PM

Hey,

 

First of all, appreciate the help. Second, a little backstory. Was supposed to be trading pictures with someone online. Yeah, that didn't happen. Got a file called "img 342.exe". I knew that was a problem as soon as I saw the exe file extension. Shortly after receiving the file, a new tab opened in my Firefox browser and directed me to meatspin.com .... If you haven't been, don't go. Anyway, knowing that I was in trouble, I began asking the hacker questions before they signed off. I was told that I ought to just buy new RAM because the virus was somehow embedded there.

 

Since then, nothing has happened in terms of noticeable malicious actions. However, I know that I am infected because I am unable to open any of my virus removal tools (Spybot, Malware Bytes, HiJack This). No longer do I have permissions to do so. I've tried the obvious step of running as administrator. No luck. Also tried safe mode. Same results. Tried uninstalling and reinstalling the programs, couldn't uninstall. Tried just installing. Nope. I also tried using Hiren's Boot CD to run the programs from there. Same results. Running RKill causes the computer to blue-screen. The only two things that I seem to be able to run successfully are Show-Hidden and CCleaner.

 

This is the log from "Show-Hidden" ... I apologize because it is quite long. Any response on the issue is obviously greatly appreciated, and I thank you for your time. With two years of work as an EasyTech at Staples, I might have thought this would be a little easier.

 

Scanning the C:\ drive

 * C:\$Recycle.Bin
 * C:\$Recycle.Bin\S-1-5-20
 * C:\$Recycle.Bin\S-1-5-21-648195226-1108682552-4073600396-1000
 * C:\$Recycle.Bin\S-1-5-21-648195226-1108682552-4073600396-500
 * C:\ASUS.DAT
 * C:\ASUS.DAT\Backgrounds
 * C:\ASUS.DAT\Frames
 * C:\ASUS.DAT\Images
 * C:\ASUS.DAT\Sounds
 * C:\Boot
 * C:\Config.Msi
 * C:\MSOCache
 * C:\Program Files\Uninstall Information
 * C:\Program Files (x86)\Common Files\Windows Live\.cache
 * C:\Program Files (x86)\InstallShield Installation Information
 * C:\Program Files (x86)\Temp
 * C:\Program Files (x86)\Uninstall Information
 * C:\ProgramData
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\Windows\DRM
 * C:\ProgramData\Microsoft\Windows\DRM\Cache
 * C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
 * C:\ProgramData\Microsoft\WwanSvc
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\Recovery
 * C:\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa
 * C:\System Volume Information
 * C:\Users\All Users\Microsoft\DRM\Server
 * C:\Users\All Users\Microsoft\Windows\DRM
 * C:\Users\All Users\Microsoft\Windows\DRM\Cache
 * C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
 * C:\Users\All Users\Microsoft\WwanSvc
 * C:\Users\All Users\Microsoft\WwanSvc\Profiles
 * C:\Users\Brock\AppData
 * C:\Users\Brock\AppData\Local\EmieSiteList
 * C:\Users\Brock\AppData\Local\EmieUserList
 * C:\Users\Brock\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Brock\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Brock\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Brock\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Brock\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Brock\AppData\Local\Microsoft\Media Player\Art Cache
 * C:\Users\Brock\AppData\Local\Microsoft\Media Player\Sync Downloads
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\AppCache\641LTEN0
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\AppCache\FTN44AFB
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Burn\Burn1
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\History
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALCTLRSQ
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP57RVJ1
 * C:\Users\Brock\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Brock\AppData\LocalLow\Microsoft\Internet Explorer
 * C:\Users\Brock\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Brock\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\Brock\AppData\LocalLow\Microsoft\Windows\AppCache\38GXAVOH
 * C:\Users\Brock\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Brock\AppData\Roaming\Microsoft\Internet Explorer\UserData
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\DNTException
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\DNTException\Low
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\Brock\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Default
 * C:\Users\Default\AppData
 * C:\Users\Default\AppData\Local\Microsoft\Windows\History
 * C:\Users\Default\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CVL03GI
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXZO9PS8
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBONJIUP
 * C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0MW2VRN
 * C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Public\Desktop
 * C:\Users\Public\Favorites
 * C:\Users\Public\Libraries
 * C:\Users\Public\Recorded TV\TempRec
 * C:\Users\Public\Recorded TV\TempRec\TempSBE
 * C:\Windows\Globalization\MCT
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
 * C:\Windows\System32\%APPDATA%
 * C:\Windows\System32\%APPDATA%\Microsoft
 * C:\Windows\System32\%APPDATA%\Microsoft\Windows
 * C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\OQD7LE0C
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\PGXGO094
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\VWRG29WB
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\W7Z1G1Z9
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27GRU6AO
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K77AQ2R6
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBK63I9H
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVPQE03P
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Windows\System32\Windows Services
 * C:\Windows\system64\%APPDATA%
 * C:\Windows\system64\%APPDATA%\Microsoft
 * C:\Windows\system64\%APPDATA%\Microsoft\Windows
 * C:\Windows\system64\%APPDATA%\Microsoft\Windows\IETldCache
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F6PIM0P
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AP0WMQ42
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDD5FVQD
 * C:\Windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8X2UBVF
 * C:\Windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Windows\SysWOW64\%APPDATA%
 * C:\Windows\SysWOW64\%APPDATA%\Microsoft
 * C:\Windows\SysWOW64\%APPDATA%\Microsoft\Windows
 * C:\Windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\OQD7LE0C
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\PGXGO094
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\VWRG29WB
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\W7Z1G1Z9
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27GRU6AO
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K77AQ2R6
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBK63I9H
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVPQE03P
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Windows\SysWOW64\Windows Services
 * C:\Windows\winsxs\Temp\PendingDeletes

Finished scanning the C:\ drive. 345 hidden items found.

Scanning the D:\ drive

 * D:\$RECYCLE.BIN
 * D:\$RECYCLE.BIN\S-1-5-21-648195226-1108682552-4073600396-1000
 * D:\System Volume Information

Finished scanning the D:\ drive. 3 hidden items found.

Scanning the Q:\ drive


Finished scanning the Q:\ drive. 0 hidden items found.


Edited by BWyant, 10 January 2015 - 06:55 PM.



#2 BWyant


Posted 10 January 2015 - 06:50 PM

Might help if I said I was on Windows 7 on an Asus laptop....

 

Update - Went into Safe mode again and was able to run SuperAntiSpyware from HBCD. It found about 20 files. I don't have a log from the program. I also messed with one of the general credentials and deleted it. Now that I've restarted the computer and gone back to regular mode, it's returned - virtualapp/didlogical. Not sure what that is, but given the issues that I'm having with permissions, I wondered if that could somehow be involved. I was also able to delete the icon on my desktop using DeleteDoctor. I've still got the issue of being unable to run my regular programs (Spybot, MWB & HiJack This).

 

Here is the log from RKill.....

 

Program started at: 01/10/2015 07:27:36 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\Windows Services\win32.exe (PID: 2736) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\Brock\Desktop\rkill\rkill-01-10-2015-07-27-42.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:


  20 out of 15159 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 01/10/2015 07:27:59 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)


Edited by BWyant, 10 January 2015 - 08:35 PM.


#3 BWyant


Posted 10 January 2015 - 09:06 PM

Making some progress... I apologize for multiple posts.

 

Anyway, I was able to download ADWCleaner and run that program. The log is below.

 

I was also able to DL MWB again after manually deleting the icons for it from my PC. After the download finished and I thought it was going to work out OK, I got the following message - Internal Error: Expression Error Runtime Error at 85:109. External Exception E06D7363. Don't know if that helps or not. If not, hopefully this log from ADWCleaner might....

 

***** [ Services ] *****

[#] Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Brock\AppData\Roaming\Mozilla\Firefox\Profiles\6nfz5kgj.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[6nfz5kgj.default\prefs.js] - Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4184 octets] - [10/01/2015 19:44:19]
AdwCleaner[S0].txt - [4135 octets] - [10/01/2015 19:55:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4195 octets] ##########



#4 BWyant


Posted 11 January 2015 - 01:03 PM

Booted up the computer this morning and got a pretty long error message.

 

Unsupported 16-bit Application....

The program or feature ??\C:\Windows\SysWow64\WindowsServices\win.32 cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.

 

Here is the log from MiniToolBox.....

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Brock (administrator) on 10-01-2015 at 23:19:33
Running from "C:\Users\Brock\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




There are 15139 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Brock-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : launchmodem.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : E4-D5-3D-28-64-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::187a:7c8f:3088:814e%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.96(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 10, 2015 10:22:57 PM
   Lease Expires . . . . . . . . . . : Sunday, January 11, 2015 10:23:00 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 316986685
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-73-09-E5-54-04-A6-4F-69-D8
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 54-04-A6-4F-69-D8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.launchmodem.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B39C127E-C589-418A-89FA-FDB4AF9E9996}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1893:2164:3f57:fe9f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1893:2164:3f57:fe9f%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dslrouter
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4002:c07::8b
      64.233.185.138
      64.233.185.100
      64.233.185.101
      64.233.185.139
      64.233.185.102
      64.233.185.113


Pinging google.com [64.233.185.138] with 32 bytes of data:
Reply from 64.233.185.138: bytes=32 time=93ms TTL=42
Reply from 64.233.185.138: bytes=32 time=74ms TTL=42

Ping statistics for 64.233.185.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 74ms, Maximum = 93ms, Average = 83ms
Server:  dslrouter
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=122ms TTL=47
Reply from 98.138.253.109: bytes=32 time=152ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 122ms, Maximum = 152ms, Average = 137ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
 12...e4 d5 3d 28 64 58 ......Atheros AR9285 Wireless Network Adapter
 11...54 04 a6 4f 69 d8 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.96     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.96    281
     192.168.1.96  255.255.255.255         On-link      192.168.1.96    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.96    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.96    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.96    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6abd:1893:2164:3f57:fe9f/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 12    281 fe80::187a:7c8f:3088:814e/128
                                    On-link
 13    306 fe80::1893:2164:3f57:fe9f/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/10/2015 10:22:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (01/10/2015 09:07:30 PM) (Source: Application Hang) (User: )
Description: The program mbam-setup.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de4

Start Time: 01d02d4ba1c60a35

Termination Time: 15

Application Path: C:\Users\Brock\AppData\Local\Temp\is-7UQ89.tmp\mbam-setup.tmp

Report Id:

Error: (01/10/2015 08:21:01 PM) (Source: CVHSVC) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (01/10/2015 07:48:16 PM) (Source: CVHSVC) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (01/10/2015 07:37:25 PM) (Source: MsiInstaller) (User: Brock-PC)
Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. Try the installation again using a valid copy of the installation package 'HiJackThis(2).msi'.

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (01/10/2015 11:12:52 PM) (Source: ipnathlp) (User: )
Description:

Error: (01/10/2015 11:00:44 PM) (Source: ipnathlp) (User: )
Description:

Error: (01/10/2015 10:35:16 PM) (Source: ipnathlp) (User: )
Description:

Error: (01/10/2015 10:25:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147024891

Error: (01/10/2015 10:23:09 PM) (Source: ipnathlp) (User: )
Description:

Error: (01/10/2015 10:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/10/2015 10:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/10/2015 10:22:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/10/2015 10:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/10/2015 10:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/10/2015 10:22:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (01/10/2015 09:07:30 PM) (Source: Application Hang)(User: )
Description: mbam-setup.tmp51.52.0.0de401d02d4ba1c60a3515C:\Users\Brock\AppData\Local\Temp\is-7UQ89.tmp\mbam-setup.tmp

Error: (01/10/2015 08:21:01 PM) (Source: CVHSVC)(User: )
Description: Click-2-Run package registration failure.

Error: (01/10/2015 07:48:16 PM) (Source: CVHSVC)(User: )
Description: Click-2-Run package registration failure.

Error: (01/10/2015 07:37:25 PM) (Source: MsiInstaller)(User: Brock-PC)
Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. Try the installation again using a valid copy of the installation package 'HiJackThis(2).msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/10/2015 07:23:04 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer



=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AIM 6 (HKLM-x32\...\AIM_6) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C309n-s (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Fax (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 25.0.1364.152 - Google Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Prem-Web  C309n-s All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{C84038D7-AB95-478F-85A9-2448CFFF94E4}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PS_AIO_06_C309n-s_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WD SmartWare (HKLM\...\{9BAC619B-B811-4318-8C27-B11DDF3F1719}) (Version: 1.1.0.2 - Western Digital)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ???? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ??? (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)

========================= Devices: ================================

Name: Photosmart Prem-Web C309n-s
Description: Photosmart Prem-Web C309n-s
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem-Web C309n-s
Description: Photosmart Prem-Web C309n-s
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 6048.13 MB
Available physical RAM: 4238.69 MB
Total Pagefile: 12046.3 MB
Available Pagefile: 9996.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.55 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:65.04 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:153.76 GB) NTFS

========================= Users: ========================================

User accounts for \\BROCK-PC

Administrator            Brock                    Extra Admin              
Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

12-12-2014 09:00:14 Windows Update
14-12-2014 09:00:12 Windows Update
18-12-2014 09:00:17 Windows Update
28-12-2014 20:52:25 Scheduled Checkpoint
29-12-2014 01:15:48 Windows Update
02-01-2015 07:35:26 Windows Update
06-01-2015 10:40:32 Windows Update
09-01-2015 10:52:48 Windows Update

**** End of log ****



#5 BWyant

  • Topic Starter

Posted 11 January 2015 - 01:04 PM

And here is the log from Farbar....

 

Farbar Service Scanner Version: 21-07-2014
Ran by Brock (administrator) on 10-01-2015 at 23:16:30
Running from "C:\Users\Brock\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#6 iangcarroll


Posted 28 January 2015 - 09:19 AM

I would post a thread following this guide as we (people in this section) aren't really able to provide help past running the tools you have blocked.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#7 dev00790


Posted 28 January 2015 - 02:36 PM

Hello,
 
We will be helping you with your problems. Please be patient while we assist you.
 
Some points for you to keep in mind while we are helping you to make things go easier and faster for both of us:
 

  • Please do NOT run, install or uninstall any programs unless instructed to do so.
    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

 
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
 
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.
 
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to  
 
For Win 7 and Vista: "Windows Orb"> Programs > Accessories > Notepad
For Win XP: Start Menu > All Programs > Accessories > Notepad.
 
Please remember to copy the entire post so you do not miss any instructions.
 
----------------------------------------------
 
Please do the following:
 
Step 1
 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.  
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.

 


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#8 BWyant

  • Topic Starter

Posted 01 February 2015 - 12:25 AM

#1 - I apologize for the delay in getting back to this.

 

#2 - Only one detection.... \Device\Harddisk0\Dr0 .... Marked as "suspicious." There was no "cure" button.

 

#3 - Here is the log file. I wish you luck and applaud your intelligence in being able to comprehend that mess.

 

23:03:46.0588 0xafb0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:03:48.0888 0xafb0  ============================================================
23:03:48.0888 0xafb0  Current date / time: 2015/01/31 23:03:48.0888
23:03:48.0888 0xafb0  SystemInfo:
23:03:48.0888 0xafb0  
23:03:48.0888 0xafb0  OS Version: 6.1.7601 ServicePack: 1.0
23:03:48.0888 0xafb0  Product type: Workstation
23:03:48.0888 0xafb0  ComputerName: BROCK-PC
23:03:48.0888 0xafb0  UserName: Brock
23:03:48.0888 0xafb0  Windows directory: C:\Windows
23:03:48.0888 0xafb0  System windows directory: C:\Windows
23:03:48.0888 0xafb0  Running under WOW64
23:03:48.0888 0xafb0  Processor architecture: Intel x64
23:03:48.0888 0xafb0  Number of processors: 4
23:03:48.0888 0xafb0  Page size: 0x1000
23:03:48.0888 0xafb0  Boot type: Normal boot
23:03:48.0888 0xafb0  ============================================================
23:03:49.0138 0xafb0  KLMD registered as C:\Windows\system32\drivers\99549162.sys
23:03:49.0478 0xafb0  System UUID: {FF24B48E-FE1A-DCC5-3CBF-F15A0C5E1B44}
23:03:50.0308 0xafb0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:03:50.0318 0xafb0  ============================================================
23:03:50.0318 0xafb0  \Device\Harddisk0\DR0:
23:03:50.0318 0xafb0  MBR partitions:
23:03:50.0318 0xafb0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
23:03:50.0318 0xafb0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
23:03:50.0318 0xafb0  ============================================================
23:03:50.0378 0xafb0  C: <-> \Device\Harddisk0\DR0\Partition1
23:03:50.0428 0xafb0  D: <-> \Device\Harddisk0\DR0\Partition2
23:03:50.0428 0xafb0  ============================================================
23:03:50.0428 0xafb0  Initialize success
23:03:50.0428 0xafb0  ============================================================
23:08:26.0206 0xbd58  ============================================================
23:08:26.0206 0xbd58  Scan started
23:08:26.0206 0xbd58  Mode: Manual; SigCheck; TDLFS;
23:08:26.0206 0xbd58  ============================================================
23:08:26.0206 0xbd58  KSN ping started
23:08:29.0306 0xbd58  KSN ping finished: true
23:08:30.0286 0xbd58  ================ Scan system memory ========================
23:08:30.0286 0xbd58  System memory - ok
23:08:30.0286 0xbd58  ================ Scan services =============================
23:08:39.0601 0xbd58  ClickToRunSvc - ok
23:08:39.0679 0xbd58  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:39.0710 0xbd58  clr_optimization_v2.0.50727_32 - ok
23:08:39.0757 0xbd58  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:08:39.0788 0xbd58  clr_optimization_v2.0.50727_64 - ok
23:08:39.0882 0xbd58  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:39.0913 0xbd58  clr_optimization_v4.0.30319_32 - ok
23:08:39.0960 0xbd58  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:08:39.0991 0xbd58  clr_optimization_v4.0.30319_64 - ok
23:08:40.0022 0xbd58  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:40.0069 0xbd58  CmBatt - ok
23:08:40.0100 0xbd58  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:08:40.0131 0xbd58  cmdide - ok
23:08:40.0209 0xbd58  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:08:40.0303 0xbd58  CNG - ok
23:08:40.0350 0xbd58  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:08:40.0381 0xbd58  Compbatt - ok
23:08:40.0396 0xbd58  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:08:40.0459 0xbd58  CompositeBus - ok
23:08:40.0474 0xbd58  COMSysApp - ok
23:08:40.0506 0xbd58  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:08:40.0521 0xbd58  crcdisk - ok
23:08:40.0599 0xbd58  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:08:40.0677 0xbd58  CryptSvc - ok
23:08:40.0802 0xbd58  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:08:40.0896 0xbd58  cvhsvc - ok
23:08:40.0989 0xbd58  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:08:41.0629 0xbd58  DcomLaunch - ok
23:08:41.0691 0xbd58  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:08:41.0800 0xbd58  defragsvc - ok
23:08:41.0847 0xbd58  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:08:41.0941 0xbd58  DfsC - ok
23:08:42.0003 0xbd58  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:08:42.0081 0xbd58  Dhcp - ok
23:08:42.0112 0xbd58  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:08:42.0206 0xbd58  discache - ok
23:08:42.0253 0xbd58  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:08:42.0268 0xbd58  Disk - ok
23:08:42.0331 0xbd58  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:08:42.0409 0xbd58  Dnscache - ok
23:08:42.0440 0xbd58  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:08:42.0580 0xbd58  dot3svc - ok
23:08:42.0612 0xbd58  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:08:42.0721 0xbd58  DPS - ok
23:08:42.0783 0xbd58  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:08:42.0846 0xbd58  drmkaud - ok
23:08:42.0939 0xbd58  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:08:43.0033 0xbd58  DXGKrnl - ok
23:08:43.0080 0xbd58  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:08:43.0189 0xbd58  EapHost - ok
23:08:43.0485 0xbd58  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:08:43.0766 0xbd58  ebdrv - ok
23:08:43.0813 0xbd58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
23:08:43.0875 0xbd58  EFS - ok
23:08:43.0984 0xbd58  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:08:44.0094 0xbd58  ehRecvr - ok
23:08:44.0125 0xbd58  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:08:44.0172 0xbd58  ehSched - ok
23:08:44.0281 0xbd58  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:08:44.0359 0xbd58  elxstor - ok
23:08:44.0390 0xbd58  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:08:44.0437 0xbd58  ErrDev - ok
23:08:44.0499 0xbd58  [ 4C120D2B2EA269EAE7A5744794EB6DB1, 11CD724908CB6327E4E8CFBC908B090AFC33B929FF0DBDC08D8368771E4AA0C9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
23:08:44.0530 0xbd58  ETD - ok
23:08:44.0593 0xbd58  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:08:44.0749 0xbd58  EventSystem - ok
23:08:44.0796 0xbd58  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:08:44.0889 0xbd58  exfat - ok
23:08:44.0936 0xbd58  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:08:45.0061 0xbd58  fastfat - ok
23:08:45.0139 0xbd58  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:08:45.0264 0xbd58  Fax - ok
23:08:45.0279 0xbd58  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:08:45.0310 0xbd58  fdc - ok
23:08:45.0357 0xbd58  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:08:45.0466 0xbd58  fdPHost - ok
23:08:45.0482 0xbd58  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:08:45.0591 0xbd58  FDResPub - ok
23:08:45.0638 0xbd58  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:08:45.0669 0xbd58  FileInfo - ok
23:08:45.0685 0xbd58  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:08:45.0794 0xbd58  Filetrace - ok
23:08:45.0810 0xbd58  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:08:45.0856 0xbd58  flpydisk - ok
23:08:45.0903 0xbd58  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:08:45.0981 0xbd58  FltMgr - ok
23:08:46.0137 0xbd58  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:08:46.0324 0xbd58  FontCache - ok
23:08:46.0371 0xbd58  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:08:46.0402 0xbd58  FontCache3.0.0.0 - ok
23:08:46.0434 0xbd58  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:08:46.0465 0xbd58  FsDepends - ok
23:08:46.0527 0xbd58  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC, 7022722FA38E81F6F4D0EF9F0FBEDD27C09A238B5246A3C36AEAAC11FF76FE07 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
23:08:46.0543 0xbd58  fssfltr - ok
23:08:46.0714 0xbd58  [ 40CDFAD174B3D5E80F95DDA003C0B97F, 2DA149CE42B87681ECDCC8905D0957443F430A9C7002FF78F22A95F9112A7C4C ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:08:46.0870 0xbd58  fsssvc - ok
23:08:46.0917 0xbd58  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:08:46.0933 0xbd58  Fs_Rec - ok
23:08:46.0995 0xbd58  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:08:47.0058 0xbd58  fvevol - ok
23:08:47.0104 0xbd58  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:08:47.0136 0xbd58  gagp30kx - ok
23:08:47.0229 0xbd58  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:08:47.0432 0xbd58  gpsvc - ok
23:08:47.0463 0xbd58  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:08:47.0526 0xbd58  hcw85cir - ok
23:08:47.0588 0xbd58  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:08:47.0682 0xbd58  HdAudAddService - ok
23:08:47.0728 0xbd58  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:47.0822 0xbd58  HDAudBus - ok
23:08:47.0853 0xbd58  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:08:47.0884 0xbd58  HidBatt - ok
23:08:47.0916 0xbd58  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:08:47.0978 0xbd58  HidBth - ok
23:08:48.0009 0xbd58  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:08:48.0056 0xbd58  HidIr - ok
23:08:48.0087 0xbd58  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:08:48.0181 0xbd58  hidserv - ok
23:08:48.0228 0xbd58  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:08:48.0274 0xbd58  HidUsb - ok
23:08:48.0306 0xbd58  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:08:48.0415 0xbd58  hkmsvc - ok
23:08:48.0462 0xbd58  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:08:48.0555 0xbd58  HomeGroupListener - ok
23:08:48.0602 0xbd58  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:08:48.0664 0xbd58  HomeGroupProvider - ok
23:08:48.0820 0xbd58  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:08:48.0898 0xbd58  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
23:08:51.0878 0xbd58  Detect skipped due to KSN trusted
23:08:51.0878 0xbd58  hpqcxs08 - ok
23:08:51.0925 0xbd58  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:08:51.0956 0xbd58  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
23:08:54.0748 0xbd58  Detect skipped due to KSN trusted
23:08:54.0748 0xbd58  hpqddsvc - ok
23:08:54.0811 0xbd58  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:08:54.0842 0xbd58  HpSAMD - ok
23:08:54.0982 0xbd58  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
23:08:55.0107 0xbd58  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
23:08:58.0321 0xbd58  Detect skipped due to KSN trusted
23:08:58.0321 0xbd58  HPSLPSVC - ok
23:08:58.0430 0xbd58  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:08:58.0586 0xbd58  HTTP - ok
23:08:58.0633 0xbd58  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:08:58.0648 0xbd58  hwpolicy - ok
23:08:58.0680 0xbd58  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:58.0711 0xbd58  i8042prt - ok
23:08:58.0789 0xbd58  [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:08:58.0851 0xbd58  iaStor - ok
23:08:58.0914 0xbd58  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:08:58.0976 0xbd58  iaStorV - ok
23:08:59.0085 0xbd58  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:08:59.0194 0xbd58  idsvc - ok
23:08:59.0241 0xbd58  IEEtwCollectorService - ok
23:09:00.0130 0xbd58  [ 0089B53F1BEFD34B7D8CA4AB021335FA, AE2B32E05E166DBAFA602C38D9FF670A1A9E561D8E37E5C088E1519779AE8475 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:09:01.0191 0xbd58  igfx - ok
23:09:01.0269 0xbd58  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:09:01.0285 0xbd58  iirsp - ok
23:09:01.0378 0xbd58  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:09:01.0472 0xbd58  IKEEXT - ok
23:09:01.0753 0xbd58  [ 651972B4061F940DC154C6F7B948B76A, CF171B7A9AD3B906754E87E3A1EFB8B5ACD7E58E284797F0C90A9AB2ACFEA9CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:09:01.0971 0xbd58  IntcAzAudAddService - ok
23:09:02.0065 0xbd58  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:09:02.0143 0xbd58  IntcDAud - ok
23:09:02.0174 0xbd58  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:09:02.0190 0xbd58  intelide - ok
23:09:02.0221 0xbd58  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:09:02.0268 0xbd58  intelppm - ok
23:09:02.0314 0xbd58  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:09:02.0439 0xbd58  IPBusEnum - ok
23:09:02.0486 0xbd58  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:09:02.0595 0xbd58  IpFilterDriver - ok
23:09:02.0658 0xbd58  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:09:02.0782 0xbd58  iphlpsvc - ok
23:09:02.0798 0xbd58  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:09:02.0860 0xbd58  IPMIDRV - ok
23:09:02.0892 0xbd58  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:09:03.0001 0xbd58  IPNAT - ok
23:09:03.0048 0xbd58  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:09:03.0157 0xbd58  IRENUM - ok
23:09:03.0172 0xbd58  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:09:03.0204 0xbd58  isapnp - ok
23:09:03.0250 0xbd58  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:09:03.0328 0xbd58  iScsiPrt - ok
23:09:03.0360 0xbd58  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:09:03.0375 0xbd58  kbdclass - ok
23:09:03.0406 0xbd58  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:09:03.0469 0xbd58  kbdhid - ok
23:09:03.0516 0xbd58  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
23:09:03.0547 0xbd58  kbfiltr - ok
23:09:03.0562 0xbd58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
23:09:03.0594 0xbd58  KeyIso - ok
23:09:03.0640 0xbd58  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:09:03.0672 0xbd58  KSecDD - ok
23:09:03.0718 0xbd58  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:09:03.0750 0xbd58  KSecPkg - ok
23:09:03.0796 0xbd58  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:09:03.0906 0xbd58  ksthunk - ok
23:09:03.0984 0xbd58  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:09:04.0108 0xbd58  KtmRm - ok
23:09:04.0155 0xbd58  [ A4A9CA24E54E81C6C3E469EAEB4B3F42, FB6B72BF973EC2EE2D81AAAF47B030C0A5E7E7B079DAB257C52FEFC3F222CDC8 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:09:04.0186 0xbd58  L1C - ok
23:09:04.0233 0xbd58  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:09:04.0374 0xbd58  LanmanServer - ok
23:09:04.0420 0xbd58  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:09:04.0530 0xbd58  LanmanWorkstation - ok
23:09:04.0592 0xbd58  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:09:04.0701 0xbd58  lltdio - ok
23:09:04.0764 0xbd58  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:09:04.0920 0xbd58  lltdsvc - ok
23:09:04.0951 0xbd58  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:09:05.0060 0xbd58  lmhosts - ok
23:09:05.0154 0xbd58  [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:09:05.0232 0xbd58  LMS - ok
23:09:05.0278 0xbd58  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:09:05.0310 0xbd58  LSI_FC - ok
23:09:05.0341 0xbd58  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:09:05.0372 0xbd58  LSI_SAS - ok
23:09:05.0403 0xbd58  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:09:05.0434 0xbd58  LSI_SAS2 - ok
23:09:05.0450 0xbd58  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:09:05.0481 0xbd58  LSI_SCSI - ok
23:09:05.0512 0xbd58  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:09:05.0622 0xbd58  luafv - ok
23:09:05.0715 0xbd58  [ 3540DDFAC8A076B983F86EB2A79D8FBD, 3BFAEB3A4C3AA8D4E7A085D1686E6392AECC4F53CBCF33D6FF7235473C7CF96C ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
23:09:05.0746 0xbd58  mbamchameleon - ok
23:09:05.0778 0xbd58  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:09:05.0809 0xbd58  Mcx2Svc - ok
23:09:05.0840 0xbd58  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:09:05.0856 0xbd58  megasas - ok
23:09:05.0887 0xbd58  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:09:05.0965 0xbd58  MegaSR - ok
23:09:06.0012 0xbd58  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:09:06.0043 0xbd58  MEIx64 - ok
23:09:06.0074 0xbd58  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:09:06.0183 0xbd58  MMCSS - ok
23:09:06.0199 0xbd58  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:09:06.0308 0xbd58  Modem - ok
23:09:06.0339 0xbd58  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:09:06.0386 0xbd58  monitor - ok
23:09:06.0433 0xbd58  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:09:06.0448 0xbd58  mouclass - ok
23:09:06.0480 0xbd58  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
23:09:06.0511 0xbd58  mouhid - ok
23:09:06.0542 0xbd58  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:09:06.0573 0xbd58  mountmgr - ok
23:09:06.0667 0xbd58  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:09:06.0698 0xbd58  MozillaMaintenance - ok
23:09:06.0729 0xbd58  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:09:06.0760 0xbd58  mpio - ok
23:09:06.0807 0xbd58  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:09:06.0901 0xbd58  mpsdrv - ok
23:09:06.0979 0xbd58  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:09:07.0166 0xbd58  MpsSvc - ok
23:09:07.0213 0xbd58  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:09:07.0275 0xbd58  MRxDAV - ok
23:09:07.0306 0xbd58  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:09:07.0369 0xbd58  mrxsmb - ok
23:09:07.0416 0xbd58  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:09:07.0494 0xbd58  mrxsmb10 - ok
23:09:40.0269 0xbd58  uagp35 - ok
23:09:40.0316 0xbd58  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:09:40.0441 0xbd58  udfs - ok
23:09:40.0488 0xbd58  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:09:40.0534 0xbd58  UI0Detect - ok
23:09:40.0566 0xbd58  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:09:40.0597 0xbd58  uliagpkx - ok
23:09:40.0612 0xbd58  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:09:40.0659 0xbd58  umbus - ok
23:09:40.0690 0xbd58  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:09:40.0706 0xbd58  UmPass - ok
23:09:40.0956 0xbd58  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:09:41.0205 0xbd58  UNS - ok
23:09:41.0314 0xbd58  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:09:41.0455 0xbd58  upnphost - ok
23:09:41.0502 0xbd58  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:41.0564 0xbd58  usbccgp - ok
23:09:41.0611 0xbd58  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:09:41.0673 0xbd58  usbcir - ok
23:09:41.0704 0xbd58  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:09:41.0751 0xbd58  usbehci - ok
23:09:41.0798 0xbd58  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:09:41.0892 0xbd58  usbhub - ok
23:09:41.0923 0xbd58  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:09:41.0938 0xbd58  usbohci - ok
23:09:41.0970 0xbd58  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:09:42.0016 0xbd58  usbprint - ok
23:09:42.0048 0xbd58  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:09:42.0079 0xbd58  USBSTOR - ok
23:09:42.0110 0xbd58  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:09:42.0141 0xbd58  usbuhci - ok
23:09:42.0204 0xbd58  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:09:42.0250 0xbd58  usbvideo - ok
23:09:42.0282 0xbd58  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:09:42.0391 0xbd58  UxSms - ok
23:09:42.0422 0xbd58  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
23:09:42.0453 0xbd58  VaultSvc - ok
23:09:42.0484 0xbd58  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:09:42.0500 0xbd58  vdrvroot - ok
23:09:42.0562 0xbd58  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:09:42.0719 0xbd58  vds - ok
23:09:42.0734 0xbd58  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:42.0797 0xbd58  vga - ok
23:09:42.0812 0xbd58  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:09:42.0921 0xbd58  VgaSave - ok
23:09:42.0968 0xbd58  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:09:43.0031 0xbd58  vhdmp - ok
23:09:43.0062 0xbd58  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:09:43.0077 0xbd58  viaide - ok
23:09:43.0109 0xbd58  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:09:43.0140 0xbd58  volmgr - ok
23:09:43.0187 0xbd58  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:09:43.0249 0xbd58  volmgrx - ok
23:09:43.0296 0xbd58  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:09:43.0343 0xbd58  volsnap - ok
23:09:43.0389 0xbd58  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:09:43.0483 0xbd58  vsmraid - ok
23:09:43.0701 0xbd58  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:09:43.0920 0xbd58  VSS - ok
23:09:43.0951 0xbd58  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:09:44.0013 0xbd58  vwifibus - ok
23:09:44.0045 0xbd58  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:09:44.0107 0xbd58  vwififlt - ok
23:09:44.0185 0xbd58  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:09:44.0341 0xbd58  W32Time - ok
23:09:44.0388 0xbd58  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:09:44.0435 0xbd58  WacomPen - ok
23:09:44.0481 0xbd58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:09:44.0591 0xbd58  WANARP - ok
23:09:44.0606 0xbd58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:09:44.0684 0xbd58  Wanarpv6 - ok
23:09:44.0715 0xbd58  [ ECEB715BECE47E101DDEC06B11126066, 6BD577D6EABD48B1BA31955DB3DEEE68528EA54375CA64D233B723D161B45CBA ] wanatw          C:\Windows\system32\DRIVERS\wanatw64.sys
23:09:44.0778 0xbd58  wanatw - ok
23:09:44.0887 0xbd58  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:09:45.0012 0xbd58  WatAdminSvc - ok
23:09:45.0168 0xbd58  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:09:45.0371 0xbd58  wbengine - ok
23:09:45.0402 0xbd58  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:09:45.0480 0xbd58  WbioSrvc - ok
23:09:45.0527 0xbd58  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:09:45.0620 0xbd58  wcncsvc - ok
23:09:45.0651 0xbd58  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:09:45.0714 0xbd58  WcsPlugInService - ok
23:09:45.0729 0xbd58  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:09:45.0761 0xbd58  Wd - ok
23:09:45.0807 0xbd58  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
23:09:45.0839 0xbd58  WDC_SAM - ok
23:09:45.0917 0xbd58  [ EAB3C68E3C38646AC5D5225F9D943D12, 493146BB553AC94E36E7A96806B7E05BFB1E8696E08625399172E1B62CEB501F ] WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
23:09:45.0948 0xbd58  WDDMService.exe - detected UnsignedFile.Multi.Generic ( 1 )
23:09:49.0146 0xbd58  Detect skipped due to KSN trusted
23:09:49.0146 0xbd58  WDDMService.exe - ok
23:09:49.0692 0xbd58  [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
23:09:49.0707 0xbd58  WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic ( 1 )
23:09:54.0075 0xbd58  Detect skipped due to KSN trusted
23:09:54.0075 0xbd58  WDSmartWareBackgroundService - ok
23:09:58.0625 0xbd58  ================ Scan global ===============================
23:09:58.0656 0xbd58  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:09:58.0703 0xbd58  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:09:58.0750 0xbd58  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:09:58.0797 0xbd58  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:09:58.0843 0xbd58  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:09:58.0890 0xbd58  [ Global ] - ok
23:09:58.0890 0xbd58  ================ Scan MBR ==================================
23:09:58.0906 0xbd58  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:09:59.0421 0xbd58  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
23:09:59.0421 0xbd58  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:10:02.0431 0xbd58  ================ Scan VBR ==================================
23:10:02.0431 0xbd58  [ E14A76216885B5F2297461FD64106EBF ] \Device\Harddisk0\DR0\Partition1
23:10:02.0431 0xbd58  \Device\Harddisk0\DR0\Partition1 - ok
23:10:02.0447 0xbd58  [ D199E68ED519E02D918C5CA26D00F60A ] \Device\Harddisk0\DR0\Partition2
23:10:02.0447 0xbd58  \Device\Harddisk0\DR0\Partition2 - ok
23:10:02.0447 0xbd58  ================ Scan generic autorun ======================
23:10:02.0447 0xbd58  ETDCtrl - ok
23:10:02.0556 0xbd58  [ 4490896F4491FD5F1BE601BA9C8245BD, 53709493AFDDE795A08F5E54FCF210479304B998522A06054AA9FAF514C8F1C6 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
23:10:02.0619 0xbd58  AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 )
23:10:06.0035 0xbd58  Detect skipped due to KSN trusted
23:10:06.0035 0xbd58  AmIcoSinglun64 - ok
23:10:06.0207 0xbd58  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
23:10:06.0425 0xbd58  RtHDVBg - ok
23:10:06.0472 0xbd58  [ 41A39C0171981E6FC2106200F6400E08, C24445A8F488D4337F08A6F815C5A456603A80A43DA0435702A7DC69987DEA4F ] C:\Windows\system32\igfxtray.exe
23:10:06.0503 0xbd58  IgfxTray - ok
23:10:06.0550 0xbd58  [ A7B5B4D80D495503D44D5602B24CC8E2, 9D27D86756F273ACAAC759942FBC071F487AFD7F879C7093DAC2152515DEA4EA ] C:\Windows\system32\hkcmd.exe
23:10:06.0612 0xbd58  HotKeysCmds - ok
23:10:06.0659 0xbd58  [ FF9AAEA8282A7F15E2746F804CED7723, 03400AA082CBEA3D72E153007F895623C01768E04EFC2E2D31669F9CAFF27571 ] C:\Windows\system32\igfxpers.exe
23:10:06.0721 0xbd58  Persistence - ok
23:10:07.0252 0xbd58  [ 69CFED513B87D6FE10DBE421708501B3, DE7F8F22EB5C88DF11C51E5FD69A18EDAFDA6873AAFFBC5BD134DC67E2E75813 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
23:10:07.0782 0xbd58  SUPERAntiSpyware - ok
23:10:07.0845 0xbd58  [ 9DDF21A0182D1E9EEEAC6AA18EA4FD78, 90207EEC2131FC94450F1AD3C937F5ED0B2239469D94778C65A9CE913B0D8B5E ] C:\Program Files (x86)\AIM6\aim6.exe
23:10:07.0860 0xbd58  Aim6 - ok
23:10:07.0954 0xbd58  FlashPlayerUpdate - ok
23:10:07.0954 0xbd58  Waiting for KSN requests completion. In queue: 6
23:10:08.0968 0xbd58  Waiting for KSN requests completion. In queue: 6
23:10:09.0982 0xbd58  Waiting for KSN requests completion. In queue: 6
23:10:10.0996 0xbd58  Waiting for KSN requests completion. In queue: 6
23:10:12.0088 0xbd58  Win FW state via NFP2: enabled
23:10:14.0849 0xbd58  ============================================================
23:10:14.0849 0xbd58  Scan finished
23:10:14.0849 0xbd58  ============================================================
23:10:14.0865 0x3b70  Detected object count: 1
23:10:14.0865 0x3b70  Actual detected object count: 1
23:10:30.0293 0x3b70  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:10:30.0293 0x3b70  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 



#9 dev00790


Posted 01 February 2015 - 06:10 PM

Hi

 

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.  
 
Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.  
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.  
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.  
Read Danger: Remote Access Trojans.
 
You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.  
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.  
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.  
If using a router, you need to reset it with a strong logon/password before connecting again.
 
Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.  
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.  
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:


 

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You
 
This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:  

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.
 
We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.
 
Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.
 
Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#10 BWyant


Posted 01 February 2015 - 07:08 PM

May as well proceed with cleaning it up.

 

Unfortunately, I have no restore points on this PC. If I were to do a back-up, there's no way of ensuring infected files aren't transferred, correct? This infection occurred almost a month ago and I've seen no ill-effect so far. No credit card charges or anything crazy like that. I don't do much of anything sensitive on my PC anyway. And of course, I understand that you can't guarantee a clean PC. The work you do is free of charge. I wouldn't expect a guarantee. I also understand that virus removal tools search for digital signatures, and obviously do not detect all of them. So, aside from my shotgun pattern scanning, what's the next step?



#11 dev00790


Posted 02 February 2015 - 08:04 PM

Ok

 

Unfortunately, I have no restore points on this PC. If I were to do a back-up, there's no way of ensuring infected files aren't transferred, correct?

Yes that's right, it's unlikely but possible.

 

Please follow the instructions in ==>This Guide<== starting at Step 6.  If you cannot complete a step, skip it and continue.
 
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==  Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
 
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
 
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
 
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Regards, dev00790



#12 boopme


Posted 05 February 2015 - 12:22 PM

New topic
 
http://www.bleepingcomputer.com/forums/t/565618/backdoor-trojan-infection/#entry3617067
 
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



