Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor Trojan Infection


  • This topic is locked This topic is locked
19 replies to this topic

#1 BWyant

BWyant

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 04 February 2015 - 12:11 AM

Got myself a backdoor Trojan somehow back near the beginning of January. Cleaned most of it up using various tools such as Spybot, MWB, HiJack This and so on. However, I've still got something nasty lingering around. Unfortunately, I do not have any restore points on this particular PC. I've also chosen not to do back-up, wipe and reset because it cannot be guarunteed that infected files won't be transferred. I can provide the TDSS Killer log if necessary, but I was instructed to start this new thread with the results of a Farbar Recovery Tool Scan. The Addition file is also attached. And there is also a link to the previous thread. So, here we go. Thank you for taking the time to help out.

 

http://www.bleepingcomputer.com/forums/t/562794/definitely-infected/#entry3615762

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Brock (administrator) on BROCK-PC on 03-02-2015 22:46:20
Running from C:\Users\Brock\Downloads
Loaded Profiles: Brock (Available profiles: Brock & Extra Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AOL LLC) C:\Program Files (x86)\AIM6\aim6.exe
(AOL LLC) C:\Program Files (x86)\AIM6\aolsoftware.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\...\Run: [Aim6] => C:\Program Files (x86)\AIM6\aim6.exe [49968 2009-07-09] (AOL LLC)
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_Plugin.exe -update plugin
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\...\MountPoints2: {23629cdf-449e-11e1-a5ca-5404a64f69d8} - "F:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-648195226-1108682552-4073600396-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Brock\AppData\Roaming\Mozilla\Firefox\Profiles\6nfz5kgj.default
FF Homepage: google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-648195226-1108682552-4073600396-1000: @fancyguo.com/FancyGame,version=1.0.0.1 -> C:\Users\Brock\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKU\S-1-5-21-648195226-1108682552-4073600396-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brock\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-648195226-1108682552-4073600396-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brock\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF Extension: Cookies Manager+ - C:\Users\Brock\AppData\Roaming\Mozilla\Firefox\Profiles\6nfz5kgj.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-07-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-13]
FF HKU\S-1-5-21-648195226-1108682552-4073600396-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Brock\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brock\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Brock\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (fancy3d) - C:\Users\Brock\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
CHR Plugin: (Google Update) - C:\Users\Brock\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Brock\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome - C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S2 WDDMService.exe; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-08-17] (WDC) [File not signed]
S2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [96472 2015-01-10] (Malwarebytes Corporation)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 22:46 - 2015-02-03 22:46 - 00016382 _____ () C:\Users\Brock\Downloads\FRST.txt
2015-02-03 22:46 - 2015-02-03 22:46 - 00000000 ____D () C:\FRST
2015-02-03 22:44 - 2015-02-03 22:46 - 02131456 _____ (Farbar) C:\Users\Brock\Downloads\FRST64.exe
2015-02-01 18:19 - 2015-02-01 18:41 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Brock\Downloads\mbar-1.08.3.1004.exe
2015-02-01 18:18 - 2015-02-01 20:32 - 00000000 ____D () C:\Users\Brock\Desktop\mbar
2015-01-31 23:01 - 2015-01-31 23:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Brock\Desktop\tdsskiller.exe
2015-01-30 12:09 - 2015-01-30 12:10 - 01055936 _____ (Adobe) C:\Users\Brock\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
2015-01-27 14:51 - 2015-01-27 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 12:19 - 2015-01-24 12:19 - 00639912 _____ (Oracle Corporation) C:\Users\Brock\Downloads\jxpiinstall.exe
2015-01-23 14:12 - 2015-01-23 14:12 - 00000000 __SHD () C:\Users\Brock\AppData\Local\EmieBrowserModeList
2015-01-13 17:54 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:54 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:54 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:54 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:54 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:54 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:54 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 15:23 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:23 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:23 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:23 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:23 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:23 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 00:11 - 2015-01-12 00:11 - 00003234 _____ () C:\Users\Brock\Desktop\JRT.txt
2015-01-12 00:06 - 2015-01-12 00:06 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 23:06 - 2015-01-11 23:06 - 00001404 _____ () C:\FixitRegBackup.reg
2015-01-11 23:04 - 2015-01-11 23:04 - 00899584 _____ () C:\Users\Brock\Downloads\MicrosoftFixit50535.msi
2015-01-11 14:31 - 2015-01-11 14:31 - 00000000 ____D () C:\Users\Brock\AppData\Roaming\Malwarebytes
2015-01-11 13:59 - 2015-02-03 18:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-11 13:59 - 2015-01-11 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-11 13:50 - 2015-01-11 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-01-11 13:50 - 2015-01-11 13:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-11 13:48 - 2015-01-11 13:52 - 20994064 _____ (SUPERAntiSpyware) C:\Users\Brock\Downloads\SUPERAntiSpyware.exe
2015-01-11 13:47 - 2015-01-11 13:47 - 00000000 ____D () C:\Users\Brock\AppData\Roaming\SUPERAntiSpyware.com
2015-01-11 13:47 - 2015-01-11 13:47 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-11 12:09 - 2015-01-11 22:58 - 00000000 ____D () C:\Users\Brock\Desktop\Articles
2015-01-10 23:25 - 2015-02-01 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-10 22:09 - 2015-01-10 22:09 - 00000000 ____D () C:\Users\Extra Admin\AppData\Roaming\Macromedia
2015-01-10 22:09 - 2015-01-10 22:09 - 00000000 ____D () C:\Users\Extra Admin\AppData\Local\Macromedia
2015-01-10 22:08 - 2015-01-11 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 22:08 - 2015-01-10 23:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 22:08 - 2015-01-10 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 22:08 - 2014-11-21 06:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 22:08 - 2011-12-10 15:24 - 00023152 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 22:05 - 2015-01-10 22:07 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\Extra Admin\Downloads\mbam-setup.exe
2015-01-10 22:04 - 2015-01-10 22:04 - 00000000 ____D () C:\Users\Extra Admin\AppData\Roaming\Mozilla
2015-01-10 22:04 - 2015-01-10 22:04 - 00000000 ____D () C:\Users\Extra Admin\AppData\Local\Mozilla
2015-01-10 22:03 - 2015-01-10 22:03 - 00001415 _____ () C:\Users\Extra Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 22:03 - 2015-01-10 22:03 - 00000020 ___SH () C:\Users\Extra Admin\ntuser.ini
2015-01-10 22:03 - 2015-01-10 22:03 - 00000000 ____D () C:\Users\Extra Admin\AppData\Roaming\Adobe
2015-01-10 22:03 - 2015-01-10 22:03 - 00000000 ____D () C:\Users\Extra Admin\AppData\Local\VirtualStore
2015-01-10 22:03 - 2015-01-10 22:03 - 00000000 ____D () C:\Users\Extra Admin\AppData\Local\ASUS
2015-01-10 22:03 - 2015-01-10 22:03 - 00000000 ____D () C:\Users\Extra Admin
2015-01-10 22:03 - 2013-09-12 23:55 - 00002102 _____ () C:\Users\Extra Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-10 22:03 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Extra Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-10 22:03 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Extra Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-10 21:45 - 2015-01-11 13:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-10 21:16 - 2015-01-10 21:16 - 00007605 _____ () C:\Users\Brock\AppData\Local\Resmon.ResmonCfg
2015-01-10 21:03 - 2015-01-10 21:03 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Brock\Downloads\mbam-clean-2.1.1.1001.exe
2015-01-10 19:56 - 2015-01-10 22:14 - 00012212 _____ () C:\Windows\PFRO.log
2015-01-10 19:44 - 2015-01-11 14:15 - 00000000 ____D () C:\AdwCleaner
2015-01-10 19:40 - 2015-01-10 19:53 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\Brock\Downloads\mbam-setup.exe
2015-01-10 19:25 - 2015-02-03 21:30 - 01826429 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 19:23 - 2015-01-10 19:23 - 00000000 __SHD () C:\ProgramData\Windows Services
2015-01-10 19:22 - 2015-01-14 11:48 - 00000616 _____ () C:\Windows\setupact.log
2015-01-10 19:22 - 2015-01-10 19:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-10 19:11 - 2015-01-10 19:12 - 04166770 _____ () C:\Users\Brock\Desktop\tdsskiller(1).zip
2015-01-10 16:33 - 2015-01-11 14:28 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Services
2015-01-10 14:52 - 2015-01-10 14:52 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-10 14:52 - 2015-01-10 14:52 - 00000000 __RSH () C:\IO.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 21:39 - 2012-01-28 22:05 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-30 12:15 - 2014-12-17 21:52 - 00000000 ____D () C:\Users\Brock\AppData\Local\Adobe
2015-01-30 12:12 - 2012-07-12 23:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 12:12 - 2012-06-05 17:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 12:12 - 2012-01-25 02:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 22:42 - 2014-11-30 15:57 - 00014902 _____ () C:\Users\Brock\Desktop\FIFA14.odt
2015-01-24 12:52 - 2013-09-26 15:53 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 12:51 - 2012-01-25 02:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 12:43 - 2013-10-17 14:01 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-24 12:43 - 2013-10-17 14:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-24 12:43 - 2012-01-25 02:05 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-24 12:43 - 2012-01-25 02:05 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 19:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:55 - 2009-07-13 23:13 - 00820100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 03:08 - 2013-07-14 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-07-12 23:07 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 23:16 - 2014-03-01 19:53 - 00000000 ____D () C:\Users\Brock\Desktop\Virus Tools
2015-01-11 13:46 - 2012-01-24 22:02 - 00000361 _____ () C:\rkill.log
2015-01-10 21:30 - 2012-01-15 19:22 - 00000000 ____D () C:\Users\Brock
2015-01-10 20:11 - 2012-01-21 22:03 - 00000000 ____D () C:\Users\Brock\Documents\Jesus Stuff
2015-01-10 19:15 - 2013-11-18 16:53 - 00000000 ____D () C:\Windows\Minidump
2015-01-06 04:36 - 2012-01-21 20:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-01-27 11:29 - 2012-01-27 11:31 - 0009205 _____ () C:\Users\Brock\AppData\Roaming\d2d645ea
2013-12-05 23:06 - 2013-12-05 23:06 - 0000036 _____ () C:\Users\Brock\AppData\Roaming\mbam.context.scan
2012-01-27 11:29 - 2012-01-27 11:31 - 0009295 _____ () C:\Users\Brock\AppData\Local\d72e7ca0
2015-01-10 21:16 - 2015-01-10 21:16 - 0007605 _____ () C:\Users\Brock\AppData\Local\Resmon.ResmonCfg
2012-01-27 05:24 - 2012-01-27 11:30 - 0007702 _____ () C:\ProgramData\22cd857d
2013-10-04 15:10 - 2013-10-04 15:10 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-04-13 11:43 - 2014-10-16 16:00 - 0001849 _____ () C:\ProgramData\hpzinstall.log
2011-12-08 18:17 - 2011-12-08 18:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-12-08 18:16 - 2011-12-08 18:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-12-08 18:16 - 2011-12-08 18:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2015-01-04 00:11

==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:07:57 AM

Posted 06 February 2015 - 09:44 AM

hi Bwyant,

 

We will get some downloads to use. I know you already ran TDSSkiller but we can run it again. Start it so it checks for updates, accept the EULA's;

 

    Click on change parameters.
    Check: Detect TDLFS file system and click ok.  Click Start Scan
    If an infected file is detected, the default action will be Cure, click on Continue.
    If a suspicious file is detected, the default action will be Skip, click on Continue.
    It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

    If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form       of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

2)  Please download RogueKiller and save to the desktop.

    http://www.bleepingcomputer.com/download/roguekiller/

    Close all windows and browsers, disconnect any USB or external drives before running the tool.
    Right-click the program and select 'Run as Administrator'
    Wait for the prescan to complete and then press the Scan button.
    When the scan is done press the Report button. Dont fix anything yet.
    Please copy/paste the results in your next reply.
    File>Exit to close Roguekiller

The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
 

3) Download Malwarebytes Anti-Rootkit to your desktop.  BETA

     http://www.malwarebytes.org/antirootkit/

    Double-click the icon to start the tool.
    The archive will extract a folder named "mbar" to your desktop by default-unless changed
    Click in the introduction screen "next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder and copy/paste the contents of the following two text files in your next reply:

   1)  "mbar-log-{date} (xx-xx-xx).txt"
   2)  "system-log


How Can I Reduce My Risk to Malware?


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 06 February 2015 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll ()
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Google Update) - C:\Users\Brock\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
DeleteJunctionsIndirectory: C:\Windows\system64

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer running now?

#4 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 06 February 2015 - 01:43 PM

Here is our TDSS log. Ran it prior to anything else, as instructed. There was no option to cure the infection, so it was skipped.

 

12:37:58.0310 0x1168  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:38:02.0320 0x1168  ============================================================
12:38:02.0335 0x1168  Current date / time: 2015/02/06 12:38:02.0320
12:38:02.0335 0x1168  SystemInfo:
12:38:02.0335 0x1168  
12:38:02.0335 0x1168  OS Version: 6.1.7601 ServicePack: 1.0
12:38:02.0335 0x1168  Product type: Workstation
12:38:02.0335 0x1168  ComputerName: BROCK-PC
12:38:02.0335 0x1168  UserName: Brock
12:38:02.0335 0x1168  Windows directory: C:\Windows
12:38:02.0335 0x1168  System windows directory: C:\Windows
12:38:02.0335 0x1168  Running under WOW64
12:38:02.0335 0x1168  Processor architecture: Intel x64
12:38:02.0335 0x1168  Number of processors: 4
12:38:02.0335 0x1168  Page size: 0x1000
12:38:02.0335 0x1168  Boot type: Normal boot
12:38:02.0335 0x1168  ============================================================
12:38:02.0710 0x1168  KLMD registered as C:\Windows\system32\drivers\19021520.sys
12:38:03.0084 0x1168  System UUID: {FF24B48E-FE1A-DCC5-3CBF-F15A0C5E1B44}
12:38:03.0942 0x1168  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:38:03.0942 0x1168  ============================================================
12:38:03.0942 0x1168  \Device\Harddisk0\DR0:
12:38:03.0942 0x1168  MBR partitions:
12:38:03.0942 0x1168  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xEE79000
12:38:03.0942 0x1168  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12079800, BlocksNum 0x133B4800
12:38:03.0942 0x1168  ============================================================
12:38:04.0004 0x1168  C: <-> \Device\Harddisk0\DR0\Partition1
12:38:04.0051 0x1168  D: <-> \Device\Harddisk0\DR0\Partition2
12:38:04.0051 0x1168  ============================================================
12:38:04.0051 0x1168  Initialize success
12:38:04.0051 0x1168  ============================================================
12:38:31.0617 0x6788  ============================================================
12:38:31.0617 0x6788  Scan started
12:38:31.0617 0x6788  Mode: Manual; TDLFS;
12:38:31.0617 0x6788  ============================================================
12:38:31.0617 0x6788  KSN ping started
12:38:34.0237 0x6788  KSN ping finished: true
12:38:35.0470 0x6788  ================ Scan system memory ========================
12:38:35.0470 0x6788  System memory - ok
12:38:35.0470 0x6788  ================ Scan services =============================
12:38:35.0563 0x6788  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:38:35.0563 0x6788  !SASCORE - ok
12:38:35.0829 0x6788  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:38:35.0844 0x6788  1394ohci - ok
12:38:35.0907 0x6788  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:38:35.0953 0x6788  ACPI - ok
12:38:35.0969 0x6788  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:38:35.0985 0x6788  AcpiPmi - ok
12:38:36.0141 0x6788  [ A2A9C100FE1BE20A76C0B80D4CA44103, C34B4A31C8563E29EC6A3D318C40075F43C891C23D156F53EE2102C959B7887F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:38:36.0156 0x6788  AdobeFlashPlayerUpdateSvc - ok
12:38:36.0219 0x6788  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:38:36.0250 0x6788  adp94xx - ok
12:38:36.0312 0x6788  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:38:36.0328 0x6788  adpahci - ok
12:38:36.0359 0x6788  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:38:36.0375 0x6788  adpu320 - ok
12:38:36.0406 0x6788  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:38:36.0421 0x6788  AeLookupSvc - ok
12:38:36.0484 0x6788  [ 69FD46FAC0D9C4A8ECD522AC6A7481F5, 048FA3F77423D43346A35F142DBD0ACEC190F5E68F79960856C325B3CA7DD6C9 ] AFBAgent        C:\Windows\system32\FBAgent.exe
12:38:36.0515 0x6788  AFBAgent - ok
12:38:36.0593 0x6788  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:38:36.0624 0x6788  AFD - ok
12:38:36.0671 0x6788  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:38:36.0671 0x6788  agp440 - ok
12:38:36.0702 0x6788  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:38:36.0702 0x6788  ALG - ok
12:38:36.0749 0x6788  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:38:36.0749 0x6788  aliide - ok
12:38:36.0780 0x6788  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:38:36.0780 0x6788  amdide - ok
12:38:36.0811 0x6788  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:38:36.0811 0x6788  AmdK8 - ok
12:38:36.0827 0x6788  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:38:36.0827 0x6788  AmdPPM - ok
12:38:36.0874 0x6788  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:38:36.0874 0x6788  amdsata - ok
12:38:36.0921 0x6788  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:38:36.0936 0x6788  amdsbs - ok
12:38:36.0952 0x6788  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:38:36.0952 0x6788  amdxata - ok
12:38:37.0108 0x6788  [ 85180CF88C5EBAD73B452A43A004CA51, 24D25495DC21293FC1F37EE7E7C2A4725E66D3D25BE05D7EDF4BB4F444C65526 ] AOL ACS         C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
12:38:37.0108 0x6788  AOL ACS - ok
12:38:37.0170 0x6788  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
12:38:37.0170 0x6788  AppID - ok
12:38:37.0186 0x6788  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:38:37.0201 0x6788  AppIDSvc - ok
12:38:37.0217 0x6788  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:38:37.0233 0x6788  Appinfo - ok
12:38:37.0279 0x6788  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:38:37.0279 0x6788  arc - ok
12:38:37.0295 0x6788  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:38:37.0311 0x6788  arcsas - ok
12:38:37.0404 0x6788  [ A3626C6D3F2DC95497F3F61842D7FD89, BB95BAFD3BE22136595D889DADAD67C68ACE6A6EAB02B026C254D97C9E9F2E62 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
12:38:37.0404 0x6788  ASLDRService - ok
12:38:37.0420 0x6788  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:38:37.0420 0x6788  ASMMAP64 - ok
12:38:37.0467 0x6788  [ 8569AF4C73747671194EA9EBB2F2D6CF, 121E7FC8C7E22CC7D27DCBD3988608C806D36ADE3753A36AA2DA48B07AD1BBFA ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
12:38:37.0482 0x6788  asmthub3 - ok
12:38:37.0529 0x6788  [ 073716FBFFAC7057CD5FF00A1B558331, B9EDB17A98CA4C5B217F56D012133F0B292AB484217B8F231E07367574110EB8 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
12:38:37.0545 0x6788  asmtxhci - ok
12:38:37.0669 0x6788  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:38:37.0669 0x6788  aspnet_state - ok
12:38:37.0779 0x6788  [ 52436245AAEF3B65DF7859949AB6A14E, F132E47ABB34A2D9FB7C9331DE6397F2F36BD23F6695B351AF4ED10B91F7244D ] ASUS InstantOn  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
12:38:37.0794 0x6788  ASUS InstantOn - ok
12:38:37.0825 0x6788  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:38:37.0841 0x6788  AsyncMac - ok
12:38:37.0872 0x6788  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:38:37.0872 0x6788  atapi - ok
12:38:38.0106 0x6788  [ B4174564AD5834A1680610572477878C, EA8687C90FE871AA427B4139BEE425E6DC4CFBC4CF3DCE29695EB9B967D9872F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:38:38.0262 0x6788  athr - ok
12:38:38.0371 0x6788  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
12:38:38.0371 0x6788  ATKGFNEXSrv - ok
12:38:38.0418 0x6788  [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO_   C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
12:38:38.0418 0x6788  ATKWMIACPIIO_ - ok
12:38:38.0496 0x6788  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:38:38.0543 0x6788  AudioEndpointBuilder - ok
12:38:38.0605 0x6788  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:38:38.0652 0x6788  AudioSrv - ok
12:38:38.0699 0x6788  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:38:38.0715 0x6788  AxInstSV - ok
12:38:38.0777 0x6788  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:38:38.0793 0x6788  b06bdrv - ok
12:38:38.0855 0x6788  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:38:38.0871 0x6788  b57nd60a - ok
12:38:38.0902 0x6788  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:38:38.0902 0x6788  BDESVC - ok
12:38:38.0933 0x6788  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:38:38.0933 0x6788  Beep - ok
12:38:39.0027 0x6788  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:38:39.0073 0x6788  BFE - ok
12:38:39.0151 0x6788  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:38:39.0198 0x6788  BITS - ok
12:38:39.0261 0x6788  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:38:39.0261 0x6788  blbdrive - ok
12:38:39.0292 0x6788  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:38:39.0292 0x6788  bowser - ok
12:38:39.0323 0x6788  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:38:39.0323 0x6788  BrFiltLo - ok
12:38:39.0339 0x6788  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:38:39.0339 0x6788  BrFiltUp - ok
12:38:39.0385 0x6788  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:38:39.0385 0x6788  Browser - ok
12:38:39.0432 0x6788  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:38:39.0448 0x6788  Brserid - ok
12:38:39.0463 0x6788  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:38:39.0479 0x6788  BrSerWdm - ok
12:38:39.0495 0x6788  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:38:39.0495 0x6788  BrUsbMdm - ok
12:38:39.0510 0x6788  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:38:39.0510 0x6788  BrUsbSer - ok
12:38:39.0557 0x6788  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:38:39.0557 0x6788  BthEnum - ok
12:38:39.0588 0x6788  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:38:39.0588 0x6788  BTHMODEM - ok
12:38:39.0619 0x6788  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:38:39.0619 0x6788  BthPan - ok
12:38:39.0682 0x6788  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:38:39.0729 0x6788  BTHPORT - ok
12:38:39.0760 0x6788  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:38:39.0760 0x6788  bthserv - ok
12:38:39.0807 0x6788  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:38:39.0807 0x6788  BTHUSB - ok
12:38:39.0838 0x6788  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:38:39.0838 0x6788  cdfs - ok
12:38:39.0900 0x6788  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:38:39.0900 0x6788  cdrom - ok
12:38:39.0947 0x6788  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:38:39.0947 0x6788  CertPropSvc - ok
12:38:39.0978 0x6788  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:38:39.0978 0x6788  circlass - ok
12:38:40.0025 0x6788  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:38:40.0041 0x6788  CLFS - ok
12:38:40.0306 0x6788  [ 7E526C5B4DD233EBCF1EA3EC211E2913, 9DC99F18454001AF5462C773C174E2D6E503316550C7E9D7824E9CBC503FCA3B ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
12:38:40.0431 0x6788  ClickToRunSvc - ok
12:38:40.0524 0x6788  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:38:40.0524 0x6788  clr_optimization_v2.0.50727_32 - ok
12:38:40.0571 0x6788  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:38:40.0571 0x6788  clr_optimization_v2.0.50727_64 - ok
12:38:40.0665 0x6788  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:38:40.0680 0x6788  clr_optimization_v4.0.30319_32 - ok
12:38:40.0696 0x6788  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:38:40.0711 0x6788  clr_optimization_v4.0.30319_64 - ok
12:38:40.0743 0x6788  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:38:40.0743 0x6788  CmBatt - ok
12:38:40.0774 0x6788  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:38:40.0774 0x6788  cmdide - ok
12:38:40.0852 0x6788  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:38:40.0883 0x6788  CNG - ok
12:38:40.0914 0x6788  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:38:40.0914 0x6788  Compbatt - ok
12:38:40.0945 0x6788  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:38:40.0945 0x6788  CompositeBus - ok
12:38:40.0961 0x6788  COMSysApp - ok
12:38:40.0992 0x6788  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:38:40.0992 0x6788  crcdisk - ok
12:38:41.0039 0x6788  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:38:41.0055 0x6788  CryptSvc - ok
12:38:41.0195 0x6788  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:38:41.0242 0x6788  cvhsvc - ok
12:38:41.0304 0x6788  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:38:41.0335 0x6788  DcomLaunch - ok
12:38:41.0382 0x6788  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:38:41.0413 0x6788  defragsvc - ok
12:38:41.0429 0x6788  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:38:41.0445 0x6788  DfsC - ok
12:38:41.0491 0x6788  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:38:41.0507 0x6788  Dhcp - ok
12:38:41.0554 0x6788  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:38:41.0569 0x6788  discache - ok
12:38:41.0601 0x6788  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:38:41.0601 0x6788  Disk - ok
12:38:41.0647 0x6788  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:38:41.0663 0x6788  Dnscache - ok
12:38:41.0694 0x6788  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:38:41.0710 0x6788  dot3svc - ok
12:38:41.0741 0x6788  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:38:41.0741 0x6788  DPS - ok
12:38:41.0772 0x6788  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:38:41.0772 0x6788  drmkaud - ok
12:38:41.0881 0x6788  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:38:41.0928 0x6788  DXGKrnl - ok
12:38:41.0975 0x6788  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:38:41.0991 0x6788  EapHost - ok
12:38:42.0256 0x6788  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:38:42.0443 0x6788  ebdrv - ok
12:38:42.0505 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
12:38:42.0505 0x6788  EFS - ok
12:38:42.0552 0x0b9c  Object required for P2P: [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state
12:38:42.0630 0x6788  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:38:42.0677 0x6788  ehRecvr - ok
12:38:42.0693 0x6788  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:38:42.0708 0x6788  ehSched - ok
12:38:42.0802 0x6788  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:38:42.0864 0x6788  elxstor - ok
12:38:42.0895 0x6788  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:38:42.0895 0x6788  ErrDev - ok
12:38:42.0927 0x6788  [ 4C120D2B2EA269EAE7A5744794EB6DB1, 11CD724908CB6327E4E8CFBC908B090AFC33B929FF0DBDC08D8368771E4AA0C9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
12:38:42.0942 0x6788  ETD - ok
12:38:43.0036 0x6788  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:38:43.0051 0x6788  EventSystem - ok
12:38:43.0083 0x6788  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:38:43.0098 0x6788  exfat - ok
12:38:43.0129 0x6788  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:38:43.0145 0x6788  fastfat - ok
12:38:43.0223 0x6788  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:38:43.0270 0x6788  Fax - ok
12:38:43.0285 0x6788  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:38:43.0285 0x6788  fdc - ok
12:38:43.0317 0x6788  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:38:43.0317 0x6788  fdPHost - ok
12:38:43.0348 0x6788  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:38:43.0348 0x6788  FDResPub - ok
12:38:43.0363 0x6788  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:38:43.0379 0x6788  FileInfo - ok
12:38:43.0395 0x6788  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:38:43.0395 0x6788  Filetrace - ok
12:38:43.0410 0x6788  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:38:43.0410 0x6788  flpydisk - ok
12:38:43.0457 0x6788  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:38:43.0473 0x6788  FltMgr - ok
12:38:43.0597 0x6788  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:38:43.0660 0x6788  FontCache - ok
12:38:43.0722 0x6788  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:38:43.0722 0x6788  FontCache3.0.0.0 - ok
12:38:43.0753 0x6788  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:38:43.0753 0x6788  FsDepends - ok
12:38:43.0816 0x6788  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC, 7022722FA38E81F6F4D0EF9F0FBEDD27C09A238B5246A3C36AEAAC11FF76FE07 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
12:38:43.0816 0x6788  fssfltr - ok
12:38:44.0003 0x6788  [ 40CDFAD174B3D5E80F95DDA003C0B97F, 2DA149CE42B87681ECDCC8905D0957443F430A9C7002FF78F22A95F9112A7C4C ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:38:44.0097 0x6788  fsssvc - ok
12:38:44.0159 0x6788  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:38:44.0159 0x6788  Fs_Rec - ok
12:38:44.0221 0x6788  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:38:44.0237 0x6788  fvevol - ok
12:38:44.0315 0x6788  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:38:44.0315 0x6788  gagp30kx - ok
12:38:44.0440 0x6788  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:38:44.0487 0x6788  gpsvc - ok
12:38:44.0518 0x6788  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:38:44.0518 0x6788  hcw85cir - ok
12:38:44.0596 0x6788  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:38:44.0611 0x6788  HdAudAddService - ok
12:38:44.0674 0x6788  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:38:44.0674 0x6788  HDAudBus - ok
12:38:44.0705 0x6788  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:38:44.0705 0x6788  HidBatt - ok
12:38:44.0736 0x6788  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:38:44.0736 0x6788  HidBth - ok
12:38:44.0767 0x6788  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:38:44.0767 0x6788  HidIr - ok
12:38:44.0799 0x6788  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:38:44.0799 0x6788  hidserv - ok
12:38:44.0830 0x6788  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:38:44.0830 0x6788  HidUsb - ok
12:38:44.0877 0x6788  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:38:44.0877 0x6788  hkmsvc - ok
12:38:44.0908 0x6788  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:38:44.0923 0x6788  HomeGroupListener - ok
12:38:44.0970 0x6788  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:38:44.0986 0x6788  HomeGroupProvider - ok
12:38:45.0095 0x6788  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:38:45.0111 0x6788  hpqcxs08 - ok
12:38:45.0142 0x6788  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:38:45.0142 0x6788  hpqddsvc - ok
12:38:45.0173 0x6788  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:38:45.0189 0x6788  HpSAMD - ok
12:38:45.0313 0x6788  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:38:45.0407 0x6788  HPSLPSVC - ok
12:38:45.0469 0x6788  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:38:45.0516 0x6788  HTTP - ok
12:38:45.0547 0x6788  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:38:45.0547 0x6788  hwpolicy - ok
12:38:45.0579 0x6788  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:38:45.0594 0x6788  i8042prt - ok
12:38:45.0672 0x6788  [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:38:45.0703 0x6788  iaStor - ok
12:38:45.0766 0x6788  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:38:45.0781 0x6788  iaStorV - ok
12:38:45.0891 0x6788  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:38:45.0953 0x6788  idsvc - ok
12:38:46.0000 0x6788  IEEtwCollectorService - ok
12:38:46.0951 0x6788  [ 0089B53F1BEFD34B7D8CA4AB021335FA, AE2B32E05E166DBAFA602C38D9FF670A1A9E561D8E37E5C088E1519779AE8475 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:38:47.0747 0x6788  igfx - ok
12:38:47.0809 0x6788  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:38:47.0809 0x6788  iirsp - ok
12:38:47.0903 0x6788  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:38:47.0965 0x6788  IKEEXT - ok
12:38:48.0246 0x6788  [ 651972B4061F940DC154C6F7B948B76A, CF171B7A9AD3B906754E87E3A1EFB8B5ACD7E58E284797F0C90A9AB2ACFEA9CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:38:48.0433 0x6788  IntcAzAudAddService - ok
12:38:48.0511 0x6788  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:38:48.0527 0x6788  IntcDAud - ok
12:38:48.0558 0x6788  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:38:48.0558 0x6788  intelide - ok
12:38:48.0589 0x6788  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:38:48.0589 0x6788  intelppm - ok
12:38:48.0636 0x6788  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:38:48.0636 0x6788  IPBusEnum - ok
12:38:48.0683 0x6788  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:38:48.0683 0x6788  IpFilterDriver - ok
12:38:48.0745 0x6788  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:38:48.0792 0x6788  iphlpsvc - ok
12:38:48.0808 0x6788  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:38:48.0823 0x6788  IPMIDRV - ok
12:38:48.0839 0x6788  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:38:48.0839 0x6788  IPNAT - ok
12:38:48.0870 0x6788  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:38:48.0870 0x6788  IRENUM - ok
12:38:48.0901 0x6788  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:38:48.0901 0x6788  isapnp - ok
12:38:48.0979 0x6788  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:38:49.0011 0x6788  iScsiPrt - ok
12:38:49.0073 0x6788  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:38:49.0089 0x6788  kbdclass - ok
12:38:49.0120 0x6788  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:38:49.0120 0x6788  kbdhid - ok
12:38:49.0167 0x6788  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
12:38:49.0167 0x6788  kbfiltr - ok
12:38:49.0198 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:38:49.0198 0x6788  KeyIso - ok
12:38:49.0276 0x6788  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:38:49.0276 0x6788  KSecDD - ok
12:38:49.0354 0x6788  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:38:49.0354 0x6788  KSecPkg - ok
12:38:49.0401 0x6788  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:38:49.0401 0x6788  ksthunk - ok
12:38:49.0463 0x6788  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:38:49.0479 0x6788  KtmRm - ok
12:38:49.0541 0x6788  [ A4A9CA24E54E81C6C3E469EAEB4B3F42, FB6B72BF973EC2EE2D81AAAF47B030C0A5E7E7B079DAB257C52FEFC3F222CDC8 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
12:38:49.0541 0x6788  L1C - ok
12:38:49.0603 0x6788  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:38:49.0619 0x6788  LanmanServer - ok
12:38:49.0650 0x6788  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:38:49.0666 0x6788  LanmanWorkstation - ok
12:38:49.0713 0x6788  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:38:49.0713 0x6788  lltdio - ok
12:38:49.0791 0x6788  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:38:49.0806 0x6788  lltdsvc - ok
12:38:49.0837 0x6788  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:38:49.0837 0x6788  lmhosts - ok
12:38:49.0931 0x6788  [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:38:49.0947 0x6788  LMS - ok
12:38:49.0993 0x6788  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:38:50.0009 0x6788  LSI_FC - ok
12:38:50.0040 0x6788  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:38:50.0040 0x6788  LSI_SAS - ok
12:38:50.0071 0x6788  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:38:50.0071 0x6788  LSI_SAS2 - ok
12:38:50.0087 0x6788  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:38:50.0103 0x6788  LSI_SCSI - ok
12:38:50.0134 0x6788  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:38:50.0134 0x6788  luafv - ok
12:38:50.0212 0x6788  [ 3540DDFAC8A076B983F86EB2A79D8FBD, 3BFAEB3A4C3AA8D4E7A085D1686E6392AECC4F53CBCF33D6FF7235473C7CF96C ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
12:38:50.0227 0x6788  mbamchameleon - ok
12:38:50.0274 0x6788  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:38:50.0274 0x6788  Mcx2Svc - ok
12:38:50.0305 0x6788  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:38:50.0305 0x6788  megasas - ok
12:38:50.0337 0x6788  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:38:50.0352 0x6788  MegaSR - ok
12:38:50.0399 0x6788  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:38:50.0399 0x6788  MEIx64 - ok
12:38:50.0430 0x6788  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:38:50.0430 0x6788  MMCSS - ok
12:38:50.0461 0x6788  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:38:50.0461 0x6788  Modem - ok
12:38:50.0493 0x6788  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:38:50.0493 0x6788  monitor - ok
12:38:50.0539 0x6788  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:38:50.0539 0x6788  mouclass - ok
12:38:50.0571 0x6788  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
12:38:50.0586 0x6788  mouhid - ok
12:38:50.0602 0x6788  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:38:50.0602 0x6788  mountmgr - ok
12:38:50.0680 0x6788  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:38:50.0695 0x6788  MozillaMaintenance - ok
12:38:50.0727 0x6788  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:38:50.0742 0x6788  mpio - ok
12:38:50.0789 0x6788  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:38:50.0789 0x6788  mpsdrv - ok
12:38:50.0867 0x6788  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:38:50.0929 0x6788  MpsSvc - ok
12:38:50.0961 0x6788  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:38:50.0976 0x6788  MRxDAV - ok
12:38:51.0007 0x6788  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:38:51.0007 0x6788  mrxsmb - ok
12:38:51.0054 0x6788  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:38:51.0070 0x6788  mrxsmb10 - ok
12:38:51.0085 0x6788  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:38:51.0101 0x6788  mrxsmb20 - ok
12:38:51.0132 0x6788  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:38:51.0132 0x6788  msahci - ok
12:38:51.0163 0x6788  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:38:51.0179 0x6788  msdsm - ok
12:38:51.0210 0x6788  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:38:51.0226 0x6788  MSDTC - ok
12:38:51.0273 0x6788  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:38:51.0273 0x6788  Msfs - ok
12:38:51.0304 0x6788  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:38:51.0304 0x6788  mshidkmdf - ok
12:38:51.0319 0x6788  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:38:51.0319 0x6788  msisadrv - ok
12:38:51.0366 0x6788  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:38:51.0382 0x6788  MSiSCSI - ok
12:38:51.0382 0x6788  msiserver - ok
12:38:51.0413 0x6788  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:38:51.0413 0x6788  MSKSSRV - ok
12:38:51.0429 0x6788  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:38:51.0429 0x6788  MSPCLOCK - ok
12:38:51.0444 0x6788  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:38:51.0444 0x6788  MSPQM - ok
12:38:51.0491 0x6788  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:38:51.0538 0x6788  MsRPC - ok
12:38:51.0569 0x6788  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:38:51.0569 0x6788  mssmbios - ok
12:38:51.0585 0x6788  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:38:51.0585 0x6788  MSTEE - ok
12:38:51.0600 0x6788  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:38:51.0600 0x6788  MTConfig - ok
12:38:51.0631 0x6788  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:38:51.0631 0x6788  Mup - ok
12:38:51.0709 0x6788  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:38:51.0741 0x6788  napagent - ok
12:38:51.0803 0x6788  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:38:51.0819 0x6788  NativeWifiP - ok
12:38:51.0912 0x6788  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:38:51.0975 0x6788  NDIS - ok
12:38:51.0990 0x6788  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:38:51.0990 0x6788  NdisCap - ok
12:38:52.0021 0x6788  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:38:52.0021 0x6788  NdisTapi - ok
12:38:52.0053 0x6788  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:38:52.0053 0x6788  Ndisuio - ok
12:38:52.0084 0x6788  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:38:52.0099 0x6788  NdisWan - ok
12:38:52.0115 0x6788  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:38:52.0115 0x6788  NDProxy - ok
12:38:52.0177 0x6788  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:38:52.0177 0x6788  Net Driver HPZ12 - ok
12:38:52.0224 0x6788  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:38:52.0224 0x6788  NetBIOS - ok
12:38:52.0255 0x6788  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:38:52.0271 0x6788  NetBT - ok
12:38:52.0287 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
12:38:52.0302 0x6788  Netlogon - ok
12:38:52.0349 0x6788  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:38:52.0365 0x6788  Netman - ok
12:38:52.0411 0x6788  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:38:52.0411 0x6788  NetMsmqActivator - ok
12:38:52.0458 0x6788  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:38:52.0474 0x6788  NetPipeActivator - ok
12:38:52.0521 0x6788  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:38:52.0552 0x6788  netprofm - ok
12:38:52.0567 0x6788  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:38:52.0583 0x6788  NetTcpActivator - ok
12:38:52.0599 0x6788  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:38:52.0599 0x6788  NetTcpPortSharing - ok
12:38:52.0630 0x6788  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:38:52.0630 0x6788  nfrd960 - ok
12:38:52.0677 0x6788  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:38:52.0692 0x6788  NlaSvc - ok
12:38:52.0739 0x6788  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:38:52.0739 0x6788  Npfs - ok
12:38:52.0755 0x6788  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:38:52.0770 0x6788  nsi - ok
12:38:52.0786 0x6788  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:38:52.0786 0x6788  nsiproxy - ok
12:38:52.0942 0x6788  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:38:53.0082 0x6788  Ntfs - ok
12:38:53.0113 0x6788  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:38:53.0113 0x6788  Null - ok
12:38:53.0145 0x6788  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:38:53.0160 0x6788  nvraid - ok
12:38:53.0207 0x6788  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:38:53.0223 0x6788  nvstor - ok
12:38:53.0254 0x6788  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:38:53.0254 0x6788  nv_agp - ok
12:38:53.0285 0x6788  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:38:53.0285 0x6788  ohci1394 - ok
12:38:53.0347 0x6788  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:38:53.0363 0x6788  ose - ok
12:38:53.0753 0x6788  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:38:54.0003 0x6788  osppsvc - ok
12:38:54.0049 0x6788  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:38:54.0065 0x6788  p2pimsvc - ok
12:38:54.0112 0x6788  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:38:54.0127 0x6788  p2psvc - ok
12:38:54.0174 0x6788  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:38:54.0174 0x6788  Parport - ok
12:38:54.0205 0x6788  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:38:54.0205 0x6788  partmgr - ok
12:38:54.0252 0x6788  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:38:54.0268 0x6788  PcaSvc - ok
12:38:54.0299 0x6788  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:38:54.0315 0x6788  pci - ok
12:38:54.0361 0x6788  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:38:54.0361 0x6788  pciide - ok
12:38:54.0393 0x6788  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:38:54.0408 0x6788  pcmcia - ok
12:38:54.0455 0x6788  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:38:54.0471 0x6788  pcw - ok
12:38:54.0533 0x6788  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:38:54.0564 0x6788  PEAUTH - ok
12:38:54.0689 0x6788  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:38:54.0689 0x6788  PerfHost - ok
12:38:54.0829 0x6788  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:38:54.0923 0x6788  pla - ok
12:38:55.0017 0x6788  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:38:55.0048 0x6788  PlugPlay - ok
12:38:55.0095 0x6788  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:38:55.0095 0x6788  Pml Driver HPZ12 - ok
12:38:55.0126 0x6788  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:38:55.0126 0x6788  PNRPAutoReg - ok
12:38:55.0157 0x6788  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:38:55.0173 0x6788  PNRPsvc - ok
12:38:55.0235 0x6788  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:38:55.0266 0x6788  PolicyAgent - ok
12:38:55.0297 0x6788  PortTalk - ok
12:38:55.0344 0x6788  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:38:55.0360 0x6788  Power - ok
12:38:55.0422 0x6788  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:38:55.0422 0x6788  PptpMiniport - ok
12:38:55.0453 0x6788  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:38:55.0453 0x6788  Processor - ok
12:38:55.0500 0x6788  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:38:55.0516 0x6788  ProfSvc - ok
12:38:55.0531 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:38:55.0547 0x6788  ProtectedStorage - ok
12:38:55.0578 0x6788  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:38:55.0594 0x6788  Psched - ok
12:38:55.0719 0x6788  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:38:55.0812 0x6788  ql2300 - ok
12:38:55.0843 0x6788  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:38:55.0859 0x6788  ql40xx - ok
12:38:55.0890 0x6788  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:38:55.0906 0x6788  QWAVE - ok
12:38:55.0921 0x6788  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:38:55.0937 0x6788  QWAVEdrv - ok
12:38:55.0953 0x6788  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:38:55.0953 0x6788  RasAcd - ok
12:38:55.0999 0x6788  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:38:56.0015 0x6788  RasAgileVpn - ok
12:38:56.0031 0x6788  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:38:56.0031 0x6788  RasAuto - ok
12:38:56.0062 0x6788  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:38:56.0062 0x6788  Rasl2tp - ok
12:38:56.0124 0x6788  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:38:56.0140 0x6788  RasMan - ok
12:38:56.0155 0x6788  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:38:56.0155 0x6788  RasPppoe - ok
12:38:56.0187 0x6788  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:38:56.0202 0x6788  RasSstp - ok
12:38:56.0265 0x6788  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:38:56.0280 0x6788  rdbss - ok
12:38:56.0296 0x6788  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:38:56.0296 0x6788  rdpbus - ok
12:38:56.0327 0x6788  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:38:56.0327 0x6788  RDPCDD - ok
12:38:56.0358 0x6788  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:38:56.0358 0x6788  RDPENCDD - ok
12:38:56.0374 0x6788  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:38:56.0374 0x6788  RDPREFMP - ok
12:38:56.0421 0x6788  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:38:56.0436 0x6788  RDPWD - ok
12:38:56.0483 0x6788  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:38:56.0499 0x6788  rdyboost - ok
12:38:56.0545 0x6788  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:38:56.0545 0x6788  RemoteAccess - ok
12:38:56.0592 0x6788  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:38:56.0592 0x6788  RemoteRegistry - ok
12:38:56.0655 0x6788  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:38:56.0655 0x6788  RFCOMM - ok
12:38:56.0686 0x6788  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:38:56.0701 0x6788  RpcEptMapper - ok
12:38:56.0733 0x6788  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:38:56.0733 0x6788  RpcLocator - ok
12:38:56.0779 0x6788  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:38:56.0811 0x6788  RpcSs - ok
12:38:56.0857 0x6788  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:38:56.0857 0x6788  rspndr - ok
12:38:56.0873 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
12:38:56.0873 0x6788  SamSs - ok
12:38:56.0967 0x6788  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:38:56.0967 0x6788  SASDIFSV - ok
12:38:57.0013 0x6788  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:38:57.0013 0x6788  SASKUTIL - ok
12:38:57.0029 0x6788  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:38:57.0045 0x6788  sbp2port - ok
12:38:57.0091 0x6788  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:38:57.0091 0x6788  SCardSvr - ok
12:38:57.0123 0x6788  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:38:57.0123 0x6788  scfilter - ok
12:38:57.0216 0x6788  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:38:57.0294 0x6788  Schedule - ok
12:38:57.0341 0x6788  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:38:57.0341 0x6788  SCPolicySvc - ok
12:38:57.0528 0x6788  [ B60E9769655DDEE8368E3ABB6668E076, EECA05B36C6F837FA6DB2EDD78E17E9EA5F0D793B869CB99A08C61AB485A1E67 ] ScrybeUpdater   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
12:38:57.0606 0x6788  ScrybeUpdater - ok
12:38:57.0653 0x6788  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:38:57.0653 0x6788  SDRSVC - ok
12:38:57.0700 0x6788  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:38:57.0700 0x6788  secdrv - ok
12:38:57.0731 0x6788  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:38:57.0731 0x6788  seclogon - ok
12:38:57.0747 0x6788  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:38:57.0762 0x6788  SENS - ok
12:38:57.0778 0x6788  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:38:57.0778 0x6788  SensrSvc - ok
12:38:57.0809 0x6788  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:38:57.0809 0x6788  Serenum - ok
12:38:57.0840 0x6788  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:38:57.0856 0x6788  Serial - ok
12:38:57.0871 0x6788  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:38:57.0871 0x6788  sermouse - ok
12:38:57.0934 0x6788  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:38:57.0934 0x6788  SessionEnv - ok
12:38:57.0949 0x6788  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:38:57.0965 0x6788  sffdisk - ok
12:38:57.0981 0x6788  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:38:57.0981 0x6788  sffp_mmc - ok
12:38:57.0996 0x6788  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:38:57.0996 0x6788  sffp_sd - ok
12:38:58.0012 0x6788  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:38:58.0027 0x6788  sfloppy - ok
12:38:58.0121 0x6788  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
12:38:58.0168 0x6788  Sftfs - ok
12:38:58.0277 0x6788  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:38:58.0324 0x6788  sftlist - ok
12:38:58.0371 0x6788  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:38:58.0402 0x6788  Sftplay - ok
12:38:58.0417 0x6788  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:38:58.0417 0x6788  Sftredir - ok
12:38:58.0433 0x6788  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
12:38:58.0449 0x6788  Sftvol - ok
12:38:58.0464 0x6788  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:38:58.0480 0x6788  sftvsa - ok
12:38:58.0558 0x6788  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:38:58.0573 0x6788  SharedAccess - ok
12:38:58.0651 0x6788  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:38:58.0667 0x6788  ShellHWDetection - ok
12:38:58.0714 0x6788  [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
12:38:58.0729 0x6788  SiSGbeLH - ok
12:38:58.0761 0x6788  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:38:58.0776 0x6788  SiSRaid2 - ok
12:38:58.0792 0x6788  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:38:58.0807 0x6788  SiSRaid4 - ok
12:38:58.0870 0x6788  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:38:58.0870 0x6788  SkypeUpdate - ok
12:38:58.0901 0x6788  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:38:58.0901 0x6788  Smb - ok
12:38:58.0963 0x6788  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:38:58.0963 0x6788  SNMPTRAP - ok
12:38:58.0995 0x6788  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:38:58.0995 0x6788  spldr - ok
12:38:59.0073 0x6788  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:38:59.0104 0x6788  Spooler - ok
12:38:59.0369 0x6788  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:38:59.0603 0x6788  sppsvc - ok
12:38:59.0650 0x6788  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:38:59.0650 0x6788  sppuinotify - ok
12:38:59.0712 0x6788  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:38:59.0743 0x6788  srv - ok
12:38:59.0790 0x6788  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:38:59.0821 0x6788  srv2 - ok
12:38:59.0853 0x6788  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:38:59.0853 0x6788  srvnet - ok
12:38:59.0899 0x6788  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:38:59.0915 0x6788  SSDPSRV - ok
12:38:59.0931 0x6788  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:38:59.0946 0x6788  SstpSvc - ok
12:38:59.0962 0x6788  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:38:59.0962 0x6788  stexstor - ok
12:38:59.0993 0x6788  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
12:38:59.0993 0x6788  StillCam - ok
12:39:00.0087 0x6788  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:39:00.0118 0x6788  stisvc - ok
12:39:00.0149 0x6788  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:39:00.0149 0x6788  swenum - ok
12:39:00.0196 0x6788  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:39:00.0243 0x6788  swprv - ok
12:39:00.0383 0x6788  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:39:00.0477 0x6788  SysMain - ok
12:39:00.0523 0x6788  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:00.0523 0x6788  TabletInputService - ok
12:39:00.0570 0x6788  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:39:00.0586 0x6788  TapiSrv - ok
12:39:00.0601 0x6788  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:39:00.0617 0x6788  TBS - ok
12:39:00.0789 0x6788  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:39:00.0898 0x6788  Tcpip - ok
12:39:01.0054 0x6788  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:39:01.0163 0x6788  TCPIP6 - ok
12:39:01.0194 0x6788  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:39:01.0210 0x6788  tcpipreg - ok
12:39:01.0241 0x6788  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:39:01.0241 0x6788  TDPIPE - ok
12:39:01.0288 0x6788  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:39:01.0288 0x6788  TDTCP - ok
12:39:01.0335 0x6788  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:39:01.0335 0x6788  tdx - ok
12:39:01.0366 0x6788  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:39:01.0381 0x6788  TermDD - ok
12:39:01.0444 0x6788  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:39:01.0491 0x6788  TermService - ok
12:39:01.0522 0x6788  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:39:01.0537 0x6788  Themes - ok
12:39:01.0553 0x6788  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:39:01.0569 0x6788  THREADORDER - ok
12:39:01.0584 0x6788  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
12:39:01.0584 0x6788  TPM - ok
12:39:01.0615 0x6788  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:39:01.0615 0x6788  TrkWks - ok
12:39:01.0678 0x6788  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:01.0693 0x6788  TrustedInstaller - ok
12:39:01.0725 0x6788  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:01.0725 0x6788  tssecsrv - ok
12:39:01.0756 0x6788  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:39:01.0771 0x6788  TsUsbFlt - ok
12:39:01.0771 0x6788  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:39:01.0771 0x6788  TsUsbGD - ok
12:39:01.0818 0x6788  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:39:01.0834 0x6788  tunnel - ok
12:39:01.0849 0x6788  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:39:01.0849 0x6788  uagp35 - ok
12:39:01.0896 0x6788  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:39:01.0912 0x6788  udfs - ok
12:39:01.0943 0x6788  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:39:01.0959 0x6788  UI0Detect - ok
12:39:01.0990 0x6788  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:39:01.0990 0x6788  uliagpkx - ok
12:39:02.0021 0x6788  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:39:02.0037 0x6788  umbus - ok
12:39:02.0052 0x6788  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:39:02.0052 0x6788  UmPass - ok
12:39:02.0302 0x6788  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:39:02.0473 0x6788  UNS - ok
12:39:02.0551 0x6788  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:39:02.0583 0x0b9c  Object send P2P result: false
12:39:02.0583 0x0b9c  Object required for P2P: [ DE3E38431B00C2EA247C53675DCF01A0 ] AudioEndpointBuilder
12:39:02.0583 0x6788  upnphost - ok
12:39:02.0645 0x6788  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:02.0645 0x6788  usbccgp - ok
12:39:02.0692 0x6788  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:39:02.0707 0x6788  usbcir - ok
12:39:02.0754 0x6788  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:39:02.0754 0x6788  usbehci - ok
12:39:02.0910 0x6788  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:39:02.0926 0x6788  usbhub - ok
12:39:02.0973 0x6788  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:39:02.0988 0x6788  usbohci - ok
12:39:03.0082 0x6788  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
12:39:03.0082 0x6788  usbprint - ok
12:39:03.0129 0x6788  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:03.0144 0x6788  USBSTOR - ok
12:39:03.0207 0x6788  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:39:03.0207 0x6788  usbuhci - ok
12:39:03.0300 0x6788  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:39:03.0300 0x6788  usbvideo - ok
12:39:03.0347 0x6788  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:39:03.0347 0x6788  UxSms - ok
12:39:03.0378 0x6788  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
12:39:03.0378 0x6788  VaultSvc - ok
12:39:03.0425 0x6788  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:39:03.0425 0x6788  vdrvroot - ok
12:39:03.0487 0x6788  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:39:03.0519 0x6788  vds - ok
12:39:03.0565 0x6788  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:03.0565 0x6788  vga - ok
12:39:03.0581 0x6788  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:39:03.0581 0x6788  VgaSave - ok
12:39:03.0612 0x6788  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:39:03.0628 0x6788  vhdmp - ok
12:39:03.0675 0x6788  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:39:03.0675 0x6788  viaide - ok
12:39:03.0690 0x6788  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:39:03.0706 0x6788  volmgr - ok
12:39:03.0737 0x6788  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:39:03.0753 0x6788  volmgrx - ok
12:39:03.0768 0x6788  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:39:03.0784 0x6788  volsnap - ok
12:39:03.0846 0x6788  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:39:03.0846 0x6788  vsmraid - ok
12:39:04.0002 0x6788  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:39:04.0096 0x6788  VSS - ok
12:39:04.0111 0x6788  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:39:04.0111 0x6788  vwifibus - ok
12:39:04.0143 0x6788  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:39:04.0143 0x6788  vwififlt - ok
12:39:04.0189 0x6788  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:39:04.0205 0x6788  W32Time - ok
12:39:04.0221 0x6788  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:39:04.0221 0x6788  WacomPen - ok
12:39:04.0267 0x6788  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:39:04.0267 0x6788  WANARP - ok
12:39:04.0283 0x6788  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:39:04.0299 0x6788  Wanarpv6 - ok
12:39:04.0330 0x6788  [ ECEB715BECE47E101DDEC06B11126066, 6BD577D6EABD48B1BA31955DB3DEEE68528EA54375CA64D233B723D161B45CBA ] wanatw          C:\Windows\system32\DRIVERS\wanatw64.sys
12:39:04.0330 0x6788  wanatw - ok
12:39:04.0470 0x6788  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:39:04.0548 0x6788  WatAdminSvc - ok
12:39:04.0689 0x6788  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:39:04.0782 0x6788  wbengine - ok
12:39:04.0813 0x6788  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:39:04.0829 0x6788  WbioSrvc - ok
12:39:04.0876 0x6788  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:39:04.0907 0x6788  wcncsvc - ok
12:39:04.0923 0x6788  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:39:04.0938 0x6788  WcsPlugInService - ok
12:39:04.0954 0x6788  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:39:04.0954 0x6788  Wd - ok
12:39:05.0001 0x6788  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
12:39:05.0001 0x6788  WDC_SAM - ok
12:39:05.0079 0x6788  [ EAB3C68E3C38646AC5D5225F9D943D12, 493146BB553AC94E36E7A96806B7E05BFB1E8696E08625399172E1B62CEB501F ] WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
12:39:05.0094 0x6788  WDDMService.exe - ok
12:39:05.0172 0x6788  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:39:05.0219 0x6788  Wdf01000 - ok
12:39:05.0266 0x6788  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:39:05.0266 0x6788  WdiServiceHost - ok
12:39:05.0281 0x6788  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:39:05.0297 0x6788  WdiSystemHost - ok
12:39:05.0344 0x6788  [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
12:39:05.0344 0x6788  WDSmartWareBackgroundService - ok
12:39:05.0391 0x6788  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:39:05.0422 0x6788  WebClient - ok
12:39:05.0484 0x6788  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:39:05.0500 0x6788  Wecsvc - ok
12:39:05.0515 0x6788  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:39:05.0531 0x6788  wercplsupport - ok
12:39:05.0562 0x6788  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:39:05.0578 0x6788  WerSvc - ok
12:39:05.0625 0x6788  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:39:05.0640 0x6788  WfpLwf - ok
12:39:05.0671 0x6788  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
12:39:05.0671 0x6788  WimFltr - ok
12:39:05.0703 0x6788  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:39:05.0703 0x6788  WIMMount - ok
12:39:05.0718 0x6788  WinDefend - ok
12:39:05.0749 0x6788  WinHttpAutoProxySvc - ok
12:39:05.0827 0x6788  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:39:05.0843 0x6788  Winmgmt - ok
12:39:06.0030 0x6788  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:39:06.0155 0x6788  WinRM - ok
12:39:06.0311 0x6788  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:39:06.0373 0x6788  Wlansvc - ok
12:39:06.0436 0x6788  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:39:06.0436 0x6788  wlcrasvc - ok
12:39:06.0451 0x74ec  Object required for P2P: [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC
12:39:06.0685 0x6788  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:39:06.0826 0x6788  wlidsvc - ok
12:39:06.0857 0x6788  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:39:06.0873 0x6788  WmiAcpi - ok
12:39:06.0919 0x6788  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:39:06.0935 0x6788  wmiApSrv - ok
12:39:06.0966 0x6788  WMPNetworkSvc - ok
12:39:06.0997 0x6788  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:39:07.0013 0x6788  WPCSvc - ok
12:39:07.0029 0x6788  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:39:07.0044 0x6788  WPDBusEnum - ok
12:39:07.0060 0x6788  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:39:07.0060 0x6788  ws2ifsl - ok
12:39:07.0091 0x6788  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:39:07.0091 0x6788  wscsvc - ok
12:39:07.0107 0x6788  WSearch - ok
12:39:07.0325 0x6788  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:39:07.0481 0x6788  wuauserv - ok
12:39:07.0528 0x6788  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:39:07.0543 0x6788  WudfPf - ok
12:39:07.0590 0x6788  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:07.0606 0x6788  WUDFRd - ok
12:39:07.0637 0x6788  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:39:07.0653 0x6788  wudfsvc - ok
12:39:07.0699 0x6788  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:39:07.0715 0x6788  WwanSvc - ok
12:39:07.0746 0x6788  ================ Scan global ===============================
12:39:07.0777 0x6788  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:39:07.0809 0x6788  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:39:07.0871 0x6788  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:39:07.0918 0x6788  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:39:07.0965 0x6788  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:39:07.0996 0x6788  [ Global ] - ok
12:39:07.0996 0x6788  ================ Scan MBR ==================================
12:39:08.0011 0x6788  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:39:08.0635 0x6788  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
12:39:08.0635 0x6788  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:39:11.0287 0x6788  ================ Scan VBR ==================================
12:39:11.0287 0x6788  [ E14A76216885B5F2297461FD64106EBF ] \Device\Harddisk0\DR0\Partition1
12:39:11.0287 0x6788  \Device\Harddisk0\DR0\Partition1 - ok
12:39:11.0303 0x6788  [ D199E68ED519E02D918C5CA26D00F60A ] \Device\Harddisk0\DR0\Partition2
12:39:11.0303 0x6788  \Device\Harddisk0\DR0\Partition2 - ok
12:39:11.0303 0x6788  ================ Scan generic autorun ======================
12:39:11.0303 0x6788  ETDCtrl - ok
12:39:11.0365 0x6788  [ 4490896F4491FD5F1BE601BA9C8245BD, 53709493AFDDE795A08F5E54FCF210479304B998522A06054AA9FAF514C8F1C6 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
12:39:11.0412 0x6788  AmIcoSinglun64 - ok
12:39:11.0599 0x6788  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
12:39:11.0755 0x6788  RtHDVBg - ok
12:39:11.0802 0x6788  [ 41A39C0171981E6FC2106200F6400E08, C24445A8F488D4337F08A6F815C5A456603A80A43DA0435702A7DC69987DEA4F ] C:\Windows\system32\igfxtray.exe
12:39:11.0802 0x6788  IgfxTray - ok
12:39:11.0849 0x6788  [ A7B5B4D80D495503D44D5602B24CC8E2, 9D27D86756F273ACAAC759942FBC071F487AFD7F879C7093DAC2152515DEA4EA ] C:\Windows\system32\hkcmd.exe
12:39:11.0896 0x6788  HotKeysCmds - ok
12:39:11.0943 0x6788  [ FF9AAEA8282A7F15E2746F804CED7723, 03400AA082CBEA3D72E153007F895623C01768E04EFC2E2D31669F9CAFF27571 ] C:\Windows\system32\igfxpers.exe
12:39:11.0989 0x6788  Persistence - ok
12:39:12.0535 0x6788  [ 69CFED513B87D6FE10DBE421708501B3, DE7F8F22EB5C88DF11C51E5FD69A18EDAFDA6873AAFFBC5BD134DC67E2E75813 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
12:39:12.0629 0x4f38  Object required for P2P: [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM
12:39:13.0003 0x6788  SUPERAntiSpyware - ok
12:39:13.0066 0x6788  [ 9DDF21A0182D1E9EEEAC6AA18EA4FD78, 90207EEC2131FC94450F1AD3C937F5ED0B2239469D94778C65A9CE913B0D8B5E ] C:\Program Files (x86)\AIM6\aim6.exe
12:39:13.0066 0x6788  Aim6 - ok
12:39:13.0159 0x6788  FlashPlayerUpdate - ok
12:39:13.0159 0x6788  Waiting for KSN requests completion. In queue: 337
12:39:14.0173 0x6788  Waiting for KSN requests completion. In queue: 337
12:39:15.0187 0x6788  Waiting for KSN requests completion. In queue: 337
12:39:16.0201 0x6788  Waiting for KSN requests completion. In queue: 337
12:39:16.0326 0x4f38  Object send P2P result: true
12:39:17.0215 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:18.0229 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:19.0243 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:20.0257 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:21.0271 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:22.0285 0x6788  Waiting for KSN requests completion. In queue: 301
12:39:22.0597 0x0b9c  Object send P2P result: false
12:39:22.0597 0x0b9c  Object required for P2P: [ DE3E38431B00C2EA247C53675DCF01A0 ] AudioSrv
12:39:23.0299 0x6788  Waiting for KSN requests completion. In queue: 300
12:39:24.0313 0x6788  Waiting for KSN requests completion. In queue: 300
12:39:25.0327 0x6788  Waiting for KSN requests completion. In queue: 300
12:39:25.0546 0x0b9c  Object send P2P result: true
12:39:26.0341 0x6788  Waiting for KSN requests completion. In queue: 283
12:39:26.0466 0x74ec  Object send P2P result: false
12:39:26.0466 0x74ec  Object required for P2P: [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV
12:39:27.0355 0x6788  Waiting for KSN requests completion. In queue: 222
12:39:28.0369 0x6788  Waiting for KSN requests completion. In queue: 222
12:39:29.0383 0x6788  Waiting for KSN requests completion. In queue: 222
12:39:29.0571 0x74ec  Object send P2P result: true
12:39:29.0586 0x74ec  Object required for P2P: [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci
12:39:30.0397 0x6788  Waiting for KSN requests completion. In queue: 166
12:39:31.0411 0x6788  Waiting for KSN requests completion. In queue: 166
12:39:32.0425 0x6788  Waiting for KSN requests completion. In queue: 166
12:39:32.0691 0x74ec  Object send P2P result: true
12:39:32.0691 0x74ec  Object required for P2P: [ 1A29A59A4C5BA6F8C85062A613B7E2B2 ] Ntfs
12:39:33.0439 0x6788  Waiting for KSN requests completion. In queue: 129
12:39:34.0453 0x6788  Waiting for KSN requests completion. In queue: 129
12:39:35.0467 0x6788  Waiting for KSN requests completion. In queue: 129
12:39:36.0029 0x74ec  Object send P2P result: true
12:39:36.0029 0x74ec  Object required for P2P: [ B6A58491307B4CADA572583D863DC602 ] ProfSvc
12:39:36.0481 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:37.0495 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:38.0509 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:39.0523 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:40.0537 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:41.0551 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:42.0565 0x6788  Waiting for KSN requests completion. In queue: 101
12:39:42.0612 0x74ec  Object send P2P result: true
12:39:42.0612 0x74ec  Object required for P2P: [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port
12:39:43.0579 0x6788  Waiting for KSN requests completion. In queue: 73
12:39:44.0593 0x6788  Waiting for KSN requests completion. In queue: 73
12:39:45.0607 0x6788  Waiting for KSN requests completion. In queue: 73
12:39:46.0060 0x74ec  Object send P2P result: true
12:39:46.0699 0x6788  Win FW state via NFP2: enabled
12:39:50.0085 0x6788  ============================================================
12:39:50.0085 0x6788  Scan finished
12:39:50.0085 0x6788  ============================================================
12:39:50.0100 0x2644  Detected object count: 1
12:39:50.0100 0x2644  Actual detected object count: 1
12:40:15.0014 0x2644  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:40:15.0014 0x2644  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 



#5 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 06 February 2015 - 02:05 PM

Here is our Rogue Killer log....

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brock [Administrator]
Mode : Scan -- Date : 02/06/2015  13:01:19

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] tdsskiller.exe(47764) -- C:\Users\Brock\Desktop\tdsskiller.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 5 ¤¤¤
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 6nfz5kgj.default : user_pref("browser.startup.homepage", "google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#6 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 06 February 2015 - 03:08 PM

Here's the system log from MBar.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 6341918720, free: 3813330944

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 6341918720, free: 3817078784

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 6341918720, free: 3135954944

Could not load protection driver
=======================================
Initializing...
------------ Kernel report ------------
     02/01/2015 18:48:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800885c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800885cab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800885c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005f8cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005f8f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E3102A4B

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 52428800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848  Numsec = 250056704
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 302487552  Numsec = 322652160

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 6341918720, free: 3775938560

Could not load protection driver
Downloaded database version: v2015.02.06.07
Downloaded database version: v2015.02.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     02/06/2015 13:22:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\system32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\19021520.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.06.07
  rootkit: v2015.02.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800885c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800885cab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800885c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005f8cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005f8f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E3102A4B

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 52428800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848  Numsec = 250056704
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 302487552  Numsec = 322652160

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
 



#7 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 06 February 2015 - 03:25 PM

For one reason or another, I'm unable to find the MBar report in the folder along with the system log, or anywhere else on my PC for that matter. However, I have two of them from 5 days ago. No changes have been made to my PC since then. Hopefully, that will suffice. For the record though, when I did the scan, nothing was detected.

 

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Brock :: BROCK-PC [administrator]

2/1/2015 6:48:31 PM
mbar-log-2015-02-01 (18-48-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365658
Time elapsed: 39 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 07 February 2015 - 08:50 AM

[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found


Run the RogueKiller tool and fix these items.
This will reset your System restore which is presently disable.

The other New start panel will be reset to the default.

===

Run the TDSSKiller tool one more time and cure these items.

12:40:15.0014 0x2644 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:40:15.0014 0x2644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Restart the computer normally.
How is it now?

#9 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 07 February 2015 - 09:04 PM

So, I saved the fixlist.txt file into the same folder as the Farbar Scanner, and the FRST log file, but I don't understand how to run the fixlist.txt file.... Forgive me if I'm ignorant.

 

After doing that, I ran the Farbar Recovery scanner, as suggested in your first post, nasdaq. There was "fix" button associated with the program.This was the log that was generated though.

 

Farbar Service Scanner Version: 21-07-2014
Ran by Brock (administrator) on 07-02-2015 at 19:53:12
Running from "C:\Users\Brock\Desktop\Virus Tools"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

I will run the Rogue Killer and TDSS again and see what happens.



#10 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 07 February 2015 - 09:15 PM

Ran Rogue Killer and deleted the files that you suggested.

 

Then ran TDSSKiller, detected the same thing again, Harddisk/Dr0, but there is still no option to cure.

 

Should I have restarted the computer after running Rogue Killer?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 08 February 2015 - 08:30 AM

Should I have restarted the computer after running Rogue Killer?

Yes please run the fix again and restart the computer.

Let me know if the problem persists.

#12 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 08 February 2015 - 03:49 PM

Rogue Killer got rid of the items suggested in your list. Progress, eh? Thank you.

 

However, TDSSKiller still detects the Harddisk/Dr0 problem. Options available - skip, quaruntine, delete.

 

Would it help if I went to safe mode and ran RKill beforehand? Just a thought.

 

Need any of the log files?



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:57 AM

Posted 09 February 2015 - 09:17 AM

However, TDSSKiller still detects the Harddisk/Dr0 problem. Options available - skip, quaruntine, delete.

You have selected the delete function and have restarted the computer and these items are still listed?

Would it help if I went to safe mode and ran RKill beforehand? Just a thought.

If still a problem please do.

#14 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 09 February 2015 - 01:03 PM

Ah, no, I did not run the "delete" function. I thought I was looking for "cure." In addition, deleting from my hard-disk is a little bit of a scary proposition. I'll run that "delete" function and get back to you once more. Thanks for being patient.



#15 BWyant

BWyant
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:57 AM

Posted 09 February 2015 - 01:28 PM

Got it! What's next?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users