
Cannot get rid of safesear.ch


35 replies to this topic

#1 madmusic36

madmusic36

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 27 January 2016 - 10:07 AM

I must have downloaded something and did not pay attention, because every time I open IE it opens on www.safesear.ch and I cannot get rid of it. I did see in a previous posting on this site that someone had the same issue, but the posting was from 2014 and they were running Windows 8.1 and I am running Windows 10. (Here is a link to the posting: http://www.bleepingcomputer.com/forums/t/536200/infected-with-safesearch-hijacked-firefox-and-ie11/)

 

Per the posting, I ran the Farbar Recovery Scan Tool per the instructions in the posting (hoping this would save time; I hope I did not jump the gun). I got the files it stated I would get. I am attaching them to this post (addition.txt and FRST.txt). I hope you can help me fix this; it is driving me nuts. Thanks!

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:43 PM

Posted 27 January 2016 - 07:24 PM

Hello madmusic36 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. (How to open the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 27 January 2016 - 07:51 PM

Hi madmusic36,

 

Information:
To protect against these types of adware, you have to be careful about some points.

  • You should not download any software from 3rd-party download websites. Only download from the software's own website.
  • You should not leave ticked any unwanted check boxes that are shown while installing any software.
  • You should read the whole agreement that is shown while installing any software.
  • You should not open any executable file that comes by e-mail if you really don't know its publisher.

Before I conclude I would like to say a few things. Please create a system restore point first before you install any new software. Pay attention during the installation process. Don't trust the word 'Free'. Don't just click on Next, Next, Next. Even the official installer of legitimate software like Java includes third-party offers! Opt out where you can; if you can't, simply exit the installation process. So you have to be aware during the installation process!

It is important that you pay attention to the license agreements and installation screens when installing anything. 'Think before you click on any Download link blindly'!

 

Please do the following.

Programs to remove
Amazon Browser App
Fast Browser

C:\Program Files (x86)\NpackdCL

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double-click the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Then restart the PC now.

====================================================================

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (image missing).
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.



 


 


#4 madmusic36


Posted 28 January 2016 - 01:55 PM

I am on step 1 and I have downloaded the attached file to the FRST directory. I am the administrator for the computer, so I opened the FRST folder after saving the file and there is no FIX button. What am I doing wrong? Thank you.



#5 olgun52


Posted 28 January 2016 - 02:51 PM

[Screenshot: Ashampoo_Snap_20140927_13h17m38s_001_Far]
Can you not see the Fix button?


 



 


 


#6 madmusic36


Posted 29 January 2016 - 06:03 AM

So sorry I totally misunderstood.  Working on it today.  Thanks



#7 olgun52


Posted 29 January 2016 - 02:11 PM

Well, I am waiting.



 


 


#8 madmusic36


Posted 30 January 2016 - 08:35 AM

Here are all the log files. It worked, thank you so much!!!!

 

# AdwCleaner v5.031 - Logfile created 30/01/2016 at 07:45:00
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Melissa - MYPLEASURE
# Running from : C:\Users\Melissa\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Amazon\ABB
Folder Found : C:\Program Files (x86)\mipony
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Folder Found : C:\Users\Melissa\AppData\Roaming\AdvertismentImages
Folder Found : C:\Users\Melissa\AppData\Roaming\mipony
Folder Found : C:\Users\Melissa\AppData\Roaming\RPEng
Folder Found : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Folder Found : C:\Users\Melissa\Documents\mipony

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
File Found : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
File Found : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
File Found : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ DLL ] *****

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk ( hxxp://www.safesear.ch/?type=20160113-135-sh-search )
Shortcut Infected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( hxxp://www.safesear.ch/?type=20160113-135-ff-sr )
Shortcut Infected : C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.safesear.ch/?type=20160113-135-ff-sr )

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\undefined
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://www.safesear.ch/web/?type=20160113-135-sshome-ie-df&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.safesear.ch/web/?type=20160113-135-sshome-ie-df&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://www.safesear.ch/web/?type=20160113-135-sshome-ie-df&q={searchTerms}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safesear.ch
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3813 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Melissa (Administrator) on Sat 01/30/2016 at  7:49:07.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 2

Successfully deleted: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk (Shortcut)
Successfully deleted: C:\Program Files (x86)\convert audio free (Folder)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F2BDC86-1CFB-425F-A2DB-6DDFF63BCF1E} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/30/2016 at  7:50:05.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~ ZHPCleaner v2016.1.30.18 by Nicolas Coolman (2016/01/30)
~ Run by Melissa (Administrator)  (30/01/2016 08:01:20)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Melissa\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Melissa\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (0)
~ No malicious or unnecessary items found.

---\\  Hosts file (1)
~ The hosts file is legitimate (21)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (11)
MOVED file: C:\Users\Melissa\Desktop\Beware the Wild - Natalie C. Parker.epub    =>PUP.Optional.Multiplug
MOVED folder: C:\WINDOWS\Installer\MSI522F.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI554C.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI55EA.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5677.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5705.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5EBA.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICF38.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID10D.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID1BB.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIDDF3.tmp-  =>Empty

---\\  Registry ( Key, Value, Data) (2)
DELETED key*: HKEY_USERS\S-1-5-21-3273600096-229971226-1471375947-1001\SOFTWARE\Classes\AppXc6fcnnrt5nqm02vg6kz0174gy5t5hpj9 [Notepad 8 Text Document]  =>Adware.Navipromo
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [5742]  =>PUP.Optional.Generic

---\\  Summary of the elements found (3)
http://www.nicolascoolman.fr/?p=1402  =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=965  =>Adware.Navipromo
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic

---\\  Other deletions. (17)
~ Registry Keys Tracing deleted (17)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 238
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 13

~ End of clean in 00h00mn03s
===================
ZHPCleaner-[R]-30012016-08_01_23.txt
ZHPCleaner-[S]-30012016-08_00_51.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/30/2016
Scan Time: 8:10 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.30.02
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Melissa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354026
Time Elapsed: 5 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IntegrationManager, Delete-on-Reboot, [8d3d45fa2475ac8a4075865ae1210cf4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Melissa\AppData\Local\Component, Quarantined, [6e5c77c83b5e52e4f6ff4f98c43edc24],

Files: 4
PUP.Optional.Proinstall, C:\Users\Melissa\Downloads\Mipony-Installer-50395800.exe, Quarantined, [0fbb2e112871c57101b72dd2907019e7],
PUP.Optional.InstallCore, C:\Users\Melissa\Downloads\Mipony_Setup.zip, Quarantined, [5773023d306939fd0ea371df8d74d62a],
PUP.Optional.Downloader, C:\Windows\System32\Tasks\IntegrationManager, Quarantined, [4c7ec679970240f610a37e6271919a66],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Melissa\AppData\Local\Component\com.exe, Quarantined, [6e5c77c83b5e52e4f6ff4f98c43edc24],

Physical Sectors: 0
(No malicious items detected)

(end)
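
One way to triage an AdwCleaner scan log like the one posted above, as an added example (not part of the original thread and not code from any of the tools used): it lists every shortcut or registry value that carries a hijack URL, grouped by host, and every autostart-type entry. The sample log is constructed in the same layout, and all function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the AdwCleaner 5.x layout (user, paths and host are made up).
SAMPLE_LOG = r"""# AdwCleaner v5.031 - Logfile created 30/01/2016 at 07:45:00
# Option : Scan

***** [ Folders ] *****

Folder Found : C:\Users\alice\AppData\Roaming\ExampleToolbar

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\alice\Desktop\Browser.lnk ( hxxp://www.hijack.example/?type=1-ff-sr )
Shortcut Infected : C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk ( hxxp://www.hijack.example/?type=1-sh )

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://www.hijack.example/web/?q={searchTerms}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Example Updater]

***** [ Web browsers ] *****
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+) (?:Found|Infected) : (?P<rest>.+)$")
# "path ( url )": the URL the hijacker appended to the shortcut target.
SHORTCUT_RE = re.compile(r"^(?P<path>.+?) \( (?P<url>\S+) \)$")
# "KEY [value name]" optionally followed by " - data".
REGVALUE_RE = re.compile(r"^(?P<key>.+?) \[(?P<name>[^\]]+)\](?: - (?P<data>.+))?$")
URL_RE = re.compile(r"^h(?:xx|tt)ps?://", re.I)

# Locations that make something start with Windows or load into the browser.
AUTOSTART_MARKERS = (
    "\\currentversion\\run",
    "\\browser helper objects\\",
    "\\start menu\\programs\\startup\\",
)


def refang(url):
    """Turn the log's defanged hxxp:// form back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def parse_adwcleaner(text):
    """Return one dict per finding: section, kind, target, value name, URL."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue  # header comments, blank lines, EOF marker
        kind = m.group("kind")
        rest = re.sub(r"^\[x64\] ", "", m.group("rest"))  # drop registry-view tag
        entry = {"section": section, "kind": kind, "target": rest,
                 "name": None, "url": None}
        if kind == "Shortcut" and (s := SHORTCUT_RE.match(rest)):
            entry["target"], entry["url"] = s.group("path"), refang(s.group("url"))
        elif kind in ("Data", "Value") and (r := REGVALUE_RE.match(rest)):
            entry["target"], entry["name"] = r.group("key"), r.group("name")
            data = r.group("data")
            if data and URL_RE.match(data):
                entry["url"] = refang(data)
        entries.append(entry)
    return entries


def hijack_locations(entries):
    """Group every place that carries a URL by the host it points to."""
    by_host = defaultdict(list)
    for e in entries:
        if e["url"]:
            host = urlsplit(e["url"]).hostname or "?"
            where = e["target"] + (f" [{e['name']}]" if e["name"] else "")
            by_host[host].append(where)
    return dict(by_host)


def autostart_entries(entries):
    """Findings in Run keys, Browser Helper Objects or the Startup folder."""
    return [e for e in entries
            if any(marker in e["target"].lower() for marker in AUTOSTART_MARKERS)]


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    for host, places in hijack_locations(found).items():
        print(host)
        for place in places:
            print("   ", place)
    for e in autostart_entries(found):
        print("autostart:", e["target"], e["name"] or "")
```
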



#9 olgun52


Posted 30 January 2016 - 01:17 PM

Hi madmusic36,

Browser Reset
 
Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

===========================================================================

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Java 8 Update 51

Java 8 Update 65

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 71
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

================================================================================

Zoek script run:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript.txt

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Edited by olgun52, 31 January 2016 - 07:08 PM.


 


 


#10 madmusic36


Posted 31 January 2016 - 09:12 AM

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Melissa on Sun 01/31/2016 at  9:00:13.24.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Melissa\Desktop\zoek.exe
Script used: C:\Users\Melissa\Desktop\zoekscript.txt

==== System Restore Info ======================

1/31/2016 9:00:40 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Melissa\AppData\Local\ActiveSync deleted successfully
C:\Users\Melissa\AppData\Local\calibre-cache deleted successfully
C:\Users\Melissa\AppData\Local\EmieSiteList deleted successfully
C:\Users\Melissa\AppData\Local\EmieUserList deleted successfully
C:\Users\Melissa\AppData\Local\NetworkTiles deleted successfully
C:\Users\Melissa\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Amazon not found
C:\PROGRA~2\Freemake not found
C:\PROGRA~2\MiPony deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\{C6FA530F-BB98-4D9F-BA00-45FD0698077C} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Melissa\AppData\Local\Avanquest North America deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Melissa\Desktop\MiPony.lnk deleted
C:\Users\Melissa\ZHPCleaner.exe deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.facebook.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.facebook.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MiPony deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Melissa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Melissa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Melissa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Melissa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=213 folders=67 98459489 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Melissa\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 01/31/2016 at  9:10:39.04 ======================



#11 olgun52


Posted 31 January 2016 - 07:15 PM

Hi madmusic36,

RogueKiller by Tigzy

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

===================================================

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".



 


 


#12 madmusic36


Posted 01 February 2016 - 10:04 AM

RogueKiller V11.0.10.0 [Feb 1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Melissa [Administrator]
Started from : C:\Users\Melissa\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/01/2016 06:29:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3273600096-229971226-1471375947-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3273600096-229971226-1471375947-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3273600096-229971226-1471375947-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3273600096-229971226-1471375947-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[Hidden.ADS][Stream] C:\Windows\SysWOW64:Win32App_1 -> Found
[PUP][File] C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk [LNK@] C:\Program Files (x86)\MiPony\MiPony.exe -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DX001-1CM162 +++++
--- User ---
[MBR] 2ee9598b4b01e4bd88507c3d6da9b402
[BSP] ad9fe43429962f55ccf6181ef83402f1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 926980 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1902323712 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD My Book 1140 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: WD My Book 1130 USB Device +++++
--- User ---
[MBR] 05057e01396b4cba6c1a5d56ad4ddfb9
[BSP] 8269ede672a8e14161b3829f58e1fc1d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: WD My Book 1140 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

09:57:51.0573 0x1f54 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:57:51.0573 0x1f54 UEFI system
09:57:58.0497 0x1f54 ============================================================
09:57:58.0497 0x1f54 Current date / time: 2016/02/01 09:57:58.0497
09:57:58.0497 0x1f54 SystemInfo:
09:57:58.0497 0x1f54
09:57:58.0497 0x1f54 OS Version: 10.0.10586 ServicePack: 0.0
09:57:58.0497 0x1f54 Product type: Workstation
09:57:58.0497 0x1f54 ComputerName: MYPLEASURE
09:57:58.0497 0x1f54 UserName: Melissa
09:57:58.0497 0x1f54 Windows directory: C:\WINDOWS
09:57:58.0497 0x1f54 System windows directory: C:\WINDOWS
09:57:58.0497 0x1f54 Running under WOW64
09:57:58.0497 0x1f54 Processor architecture: Intel x64
09:57:58.0497 0x1f54 Number of processors: 4
09:57:58.0497 0x1f54 Page size: 0x1000
09:57:58.0497 0x1f54 Boot type: Normal boot
09:57:58.0497 0x1f54 ============================================================
09:57:58.0576 0x1f54 KLMD registered as C:\WINDOWS\system32\drivers\59208100.sys
09:57:59.0091 0x1f54 System UUID: {8AF5B527-4106-364C-263B-0AF27B03DBE0}
09:57:59.0576 0x1f54 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:57:59.0576 0x1f54 Drive \Device\Harddisk1\DR1 - Size: 0x3A37F700000 ( 3725.99 Gb ), SectorSize: 0x1000, Cylinders: 0xED7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:16.0675 0x1f54 Drive \Device\Harddisk2\DR2 - Size: 0x2BA9F400000 ( 2794.49 Gb ), SectorSize: 0x1000, Cylinders: 0xB21F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:34.0749 0x1f54 Drive \Device\Harddisk3\DR3 - Size: 0x1D1BF100000 ( 1862.99 Gb ), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:58:51.0771 0x1f54 Drive \Device\Harddisk4\DR4 - Size: 0x3A37F700000 ( 3725.99 Gb ), SectorSize: 0x1000, Cylinders: 0xED7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:59:08.0899 0x1f54 Drive \Device\Harddisk5\DR5 - Size: 0x2BA9F400000 ( 2794.49 Gb ), SectorSize: 0x1000, Cylinders: 0xB21F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:59:26.0939 0x1f54 ============================================================
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0:
09:59:26.0939 0x1f54 GPT partitions:
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {78F180A4-E0DC-431D-AB78-12FEF2501F6D}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F13A6F39-AF4C-4107-834E-AECAD79EC1C8}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {8745DECE-FD65-413C-BB1D-9998CA03F11E}, Name: , StartLBA 0x276800, BlocksNum 0xFA000
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8397A20C-A24D-4248-A6A9-E0976579C80B}, Name: Microsoft reserved partition, StartLBA 0x370800, BlocksNum 0x40000
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AA87A4F9-99D8-4B04-A875-593F7685E4B3}, Name: Basic data partition, StartLBA 0x3B0800, BlocksNum 0x71282000
09:59:26.0939 0x1f54 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {44DC5D97-DDD5-4867-B693-AB1AD1F702E3}, Name: , StartLBA 0x71632800, BlocksNum 0x30D4000
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk1\DR1:
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x3A37F600
09:59:26.0939 0x1f54 \Device\Harddisk2\DR2:
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x2BA9F300
09:59:26.0939 0x1f54 \Device\Harddisk3\DR3:
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
09:59:26.0939 0x1f54 \Device\Harddisk4\DR4:
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x3A37F600
09:59:26.0939 0x1f54 \Device\Harddisk5\DR5:
09:59:26.0939 0x1f54 MBR partitions:
09:59:26.0939 0x1f54 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x2BA9F300
09:59:26.0939 0x1f54 ============================================================
09:59:26.0939 0x1f54 C: <-> \Device\Harddisk0\DR0\Partition5
09:59:27.0814 0x1f54 E: <-> \Device\Harddisk4\DR4\Partition1
09:59:27.0861 0x1f54 F: <-> \Device\Harddisk5\DR5\Partition1
09:59:28.0314 0x1f54 H: <-> \Device\Harddisk3\DR3\Partition1
09:59:28.0892 0x1f54 I: <-> \Device\Harddisk1\DR1\Partition1
09:59:29.0361 0x1f54 J: <-> \Device\Harddisk2\DR2\Partition1
09:59:29.0361 0x1f54 ============================================================
09:59:29.0361 0x1f54 Initialize success
09:59:29.0361 0x1f54 ============================================================
09:59:37.0615 0x1f44 ============================================================
09:59:37.0615 0x1f44 Scan started
09:59:37.0615 0x1f44 Mode: Manual;
09:59:37.0615 0x1f44 ============================================================
09:59:37.0615 0x1f44 KSN ping started
09:59:40.0069 0x1f44 KSN ping finished: true
09:59:43.0914 0x1f44 ================ Scan system memory ========================
09:59:43.0914 0x1f44 System memory - ok
09:59:43.0914 0x1f44 ================ Scan services =============================
09:59:48.0575 0x1f44 wanarpv6 - ok
09:59:48.0575 0x1f44 wbengine - ok
09:59:48.0575 0x1f44 WbioSrvc - ok
09:59:48.0575 0x1f44 Wcmsvc - ok
09:59:48.0590 0x1f44 wcncsvc - ok
09:59:48.0590 0x1f44 WcsPlugInService - ok
09:59:48.0590 0x1f44 WdBoot - ok
09:59:48.0590 0x1f44 [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM C:\WINDOWS\System32\drivers\wdcsam64.sys
09:59:48.0590 0x1f44 WDC_SAM - ok
09:59:48.0590 0x1f44 Wdf01000 - ok
09:59:48.0590 0x1f44 WdFilter - ok
09:59:48.0606 0x1f44 WdiServiceHost - ok
09:59:48.0606 0x1f44 WdiSystemHost - ok
09:59:48.0606 0x1f44 wdiwifi - ok
09:59:48.0606 0x1f44 WdNisDrv - ok
09:59:48.0606 0x1f44 WdNisSvc - ok
09:59:48.0606 0x1f44 WebClient - ok
09:59:48.0621 0x1f44 Wecsvc - ok
09:59:48.0621 0x1f44 WEPHOSTSVC - ok
09:59:48.0621 0x1f44 wercplsupport - ok
09:59:48.0621 0x1f44 WerSvc - ok
09:59:48.0621 0x1f44 WFPLWFS - ok
09:59:48.0621 0x1f44 WiaRpc - ok
09:59:48.0621 0x1f44 WIMMount - ok
09:59:48.0637 0x1f44 WinDefend - ok
09:59:48.0637 0x1f44 WindowsTrustedRT - ok
09:59:48.0637 0x1f44 WindowsTrustedRTProxy - ok
09:59:48.0637 0x1f44 WinHttpAutoProxySvc - ok
09:59:48.0637 0x1f44 WinMad - ok
09:59:48.0653 0x1f44 Winmgmt - ok
09:59:48.0653 0x1f44 WinRM - ok
09:59:48.0653 0x1f44 WINUSB - ok
09:59:48.0668 0x1f44 WinVerbs - ok
09:59:48.0668 0x1f44 WlanSvc - ok
09:59:48.0668 0x1f44 wlidsvc - ok
09:59:48.0668 0x1f44 WmiAcpi - ok
09:59:48.0668 0x1f44 wmiApSrv - ok
09:59:48.0684 0x1f44 WMPNetworkSvc - ok
09:59:48.0684 0x1f44 [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
09:59:48.0684 0x1f44 Wof - ok
09:59:48.0700 0x1f44 workfolderssvc - ok
09:59:48.0700 0x1f44 wpcfltr - ok
09:59:48.0700 0x1f44 WPDBusEnum - ok
09:59:48.0700 0x1f44 WpdUpFltr - ok
09:59:48.0700 0x1f44 WpnService - ok
09:59:48.0700 0x1f44 ws2ifsl - ok
09:59:48.0715 0x1f44 wscsvc - ok
09:59:48.0715 0x1f44 WSDPrintDevice - ok
09:59:48.0715 0x1f44 WSDScan - ok
09:59:48.0715 0x1f44 WSearch - ok
09:59:48.0715 0x1f44 WSService - ok
09:59:48.0731 0x1f44 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys
09:59:48.0731 0x1f44 wsvd - ok
09:59:48.0731 0x1f44 wuauserv - ok
09:59:48.0731 0x1f44 WudfPf - ok
09:59:48.0731 0x1f44 WUDFRd - ok
09:59:48.0746 0x1f44 wudfsvc - ok
09:59:48.0746 0x1f44 WUDFWpdFs - ok
09:59:48.0746 0x1f44 WUDFWpdMtp - ok
09:59:48.0746 0x1f44 WwanSvc - ok
09:59:48.0762 0x1f44 XblAuthManager - ok
09:59:48.0762 0x1f44 XblGameSave - ok
09:59:48.0762 0x1f44 xboxgip - ok
09:59:48.0762 0x1f44 XboxNetApiSvc - ok
09:59:48.0762 0x1f44 xinputhid - ok
09:59:48.0778 0x1f44 ================ Scan global ===============================
09:59:48.0778 0x1f44 [ Global ] - ok
09:59:48.0778 0x1f44 ================ Scan MBR ==================================
09:59:48.0793 0x1f44 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
09:59:48.0809 0x1f44 \Device\Harddisk0\DR0 - ok
09:59:48.0840 0x1f44 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:59:48.0840 0x1f44 \Device\Harddisk1\DR1 - ok
09:59:48.0840 0x1f44 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
09:59:48.0856 0x1f44 \Device\Harddisk2\DR2 - ok
09:59:48.0856 0x1f44 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
09:59:48.0856 0x1f44 \Device\Harddisk3\DR3 - ok
09:59:48.0887 0x1f44 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4
09:59:48.0903 0x1f44 \Device\Harddisk4\DR4 - ok
09:59:48.0903 0x1f44 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
09:59:48.0903 0x1f44 \Device\Harddisk5\DR5 - ok
09:59:48.0903 0x1f44 ================ Scan VBR ==================================
09:59:48.0903 0x1f44 [ 0C8FA7E140F2E0BA26CC9E58E0EFBDDC ] \Device\Harddisk0\DR0\Partition1
09:59:48.0965 0x1f44 \Device\Harddisk0\DR0\Partition1 - ok
09:59:48.0981 0x1f44 [ 062A4C40D2B9486A8B4F0534B0D8EC11 ] \Device\Harddisk0\DR0\Partition2
09:59:48.0996 0x1f44 \Device\Harddisk0\DR0\Partition2 - ok
09:59:49.0012 0x1f44 [ 7BA4020D01BDE12727AC08179B34EEF2 ] \Device\Harddisk0\DR0\Partition3
09:59:49.0045 0x1f44 \Device\Harddisk0\DR0\Partition3 - ok
09:59:49.0045 0x1f44 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
09:59:49.0045 0x1f44 \Device\Harddisk0\DR0\Partition4 - ok
09:59:49.0049 0x1f44 [ 1AECE37479B4D1E13759DA61BE5A5169 ] \Device\Harddisk0\DR0\Partition5
09:59:49.0105 0x1f44 \Device\Harddisk0\DR0\Partition5 - ok
09:59:49.0105 0x1f44 [ 709D6268D2CDC4161E745904BECC895F ] \Device\Harddisk0\DR0\Partition6
09:59:49.0134 0x1f44 \Device\Harddisk0\DR0\Partition6 - ok
09:59:49.0138 0x1f44 [ 74CD9471D8F18D6E8E6A9D668D2FEBB0 ] \Device\Harddisk1\DR1\Partition1
09:59:49.0148 0x1f44 \Device\Harddisk1\DR1\Partition1 - ok
09:59:49.0149 0x1f44 [ 56A94F02C80039E90636552A3370E776 ] \Device\Harddisk2\DR2\Partition1
09:59:49.0206 0x1f44 \Device\Harddisk2\DR2\Partition1 - ok
09:59:49.0206 0x1f44 [ 046A5F89B9A5F6B9260F98E8243F6186 ] \Device\Harddisk3\DR3\Partition1
09:59:49.0719 0x1f44 \Device\Harddisk3\DR3\Partition1 - ok
09:59:49.0735 0x1f44 [ D3C2709979AFE1DB7C447BBAE3111224 ] \Device\Harddisk4\DR4\Partition1
09:59:49.0735 0x1f44 \Device\Harddisk4\DR4\Partition1 - ok
09:59:49.0735 0x1f44 [ 026BFB11A80EEB52AD075D8DED7D74EA ] \Device\Harddisk5\DR5\Partition1
09:59:49.0750 0x1f44 \Device\Harddisk5\DR5\Partition1 - ok
09:59:49.0750 0x1f44 ================ Scan generic autorun ======================
09:59:50.0047 0x1f44 [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
09:59:50.0203 0x1f44 RtHDVCpl - ok
09:59:50.0235 0x1f44 [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
09:59:50.0250 0x1f44 RtHDVBg_Dolby - ok
09:59:50.0281 0x1f44 [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
09:59:50.0297 0x1f44 RtHDVBg_LENOVO_MICPKEY - ok
09:59:50.0313 0x1f44 [ E6A3062BDB2E18EBDEB69CF7F7A3A070, 48AB0CCA0230DCBB47CCC765659E390A4A42AC7303A27B835B9FBB1168AC7BF1 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
09:59:50.0328 0x1f44 IAStorIcon - ok
09:59:50.0344 0x1f44 [ ADFCC68B42627055979B26FC00759D17, 5C1C8395A7846E5DDEB6FFE2B37B537DDA4712D62CE05D7EA8B1773C75D46DE6 ] C:\Program Files\iTunes\iTunesHelper.exe
09:59:50.0360 0x1f44 iTunesHelper - ok
09:59:50.0360 0x1f44 [ 17716C3DD52BF815291D80FAAF329AC7, 3E42FBED89BF8CE6C0EE8C97C050358ED98577BB1DDFA93CDE25F431FC55138E ] C:\windows\jmesoft\hotkey.exe
09:59:50.0391 0x1f44 jmekey - ok
09:59:50.0406 0x1f44 [ A7464F6ED03611109F435218E424AAB8, 2C582D2E97F5AE97D1FBEC0493DF45A8EAF2D2CA93048556FD11B4AAA09956E6 ] C:\Windows\jmesoft\ServiceLoader.exe
09:59:50.0422 0x1f44 jmesoft - ok
09:59:50.0438 0x1f44 [ 50299DBA20F8A1735830914777B55932, 7A8864A9FA81BF6C53797B7B8FCC2199B812A7E913D35387A0C5C63C170BAC02 ] C:\Program Files\Lenovo\LVT\LJYZ.exe
09:59:50.0453 0x1f44 LVT - ok
09:59:50.0469 0x1f44 [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
09:59:50.0469 0x1f44 CLMLServer - ok
09:59:50.0485 0x1f44 [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
09:59:50.0485 0x1f44 UpdateP2GoShortCut - ok
09:59:50.0500 0x1f44 [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
09:59:50.0500 0x1f44 RemoteControl10 - ok
09:59:50.0531 0x1f44 [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
09:59:50.0531 0x1f44 PDFHook - ok
09:59:50.0547 0x1f44 [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
09:59:50.0547 0x1f44 PDF5 Registry Controller - ok
09:59:50.0594 0x1f44 [ C1CDB7E522CB926136A38A3BD1CECDCE, 5A69A9A41360444584EE4AB8AA7ADD137F8D8B29BE3C0AD63EDA91BD741A2590 ] C:\Program Files (x86)\Nova Development\Print Artist Platinum 25\ReminderApp.exe
09:59:50.0594 0x1f44 ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 - ok
09:59:50.0625 0x1f44 [ 8FB487DE828538CEFE4315B0F715CCE1, AA2EB87874524C21C8FCE48C37B0BEEA4978E6238AA45C8EE960733AC4BFB8A7 ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
09:59:50.0641 0x1f44 IndexSearch - ok
09:59:50.0641 0x1f44 [ C0BF703A497846AB8976F26D44701E0F, 5F716EE857E6C3D678608E615AFC7E11DB2D6760004618729CBF71FD5321EEB6 ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
09:59:50.0641 0x1f44 PaperPort PTD - ok
09:59:50.0656 0x1f44 [ 25550E7DB114579EB50BC98A8DFD8B9F, 11F81387B6EE44FBE4DCF251A0D4AFF3E84C550BACCA39B71B41B452D512628B ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
09:59:50.0719 0x1f44 ControlCenter4 - ok
09:59:50.0844 0x1f44 [ A12927788DE1555B598DFD16B4FA3F8B, 57B36F188FC212D73CFBE6431FC5095BAB3C189D04D34CA428801F6823636DFA ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
09:59:51.0172 0x1f44 BrStsMon00 - ok
09:59:51.0266 0x1f44 [ CCD7E282045AB48CEA58AA2E2A715362, 87952B5BD23F451DB5A17B280B4047E41AEF37DEB0B8FECDA48D6F1F9C7DE866 ] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
09:59:51.0422 0x1f44 BrHelp - ok
09:59:51.0485 0x1f44 [ 1A0270C4612B8A93C3D29BA405BA55F3, 7E2D893DABD0921F25496086560F0BA7B9045A9ADE27361FBFECCE1CDA01FC2B ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:59:51.0563 0x1f44 SunJavaUpdateSched - ok
09:59:51.0625 0x1f44 OneDriveSetup - ok
09:59:51.0625 0x1f44 OneDriveSetup - ok
09:59:51.0688 0x1f44 [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
09:59:51.0703 0x1f44 OneDrive - ok
09:59:51.0844 0x1f44 [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
09:59:51.0985 0x1f44 DAEMON Tools Lite - ok
09:59:52.0032 0x1f44 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
09:59:52.0047 0x1f44 ISUSPM - ok
09:59:52.0125 0x1f44 Uninstall C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
09:59:52.0125 0x1f44 Waiting for KSN requests completion. In queue: 39
09:59:53.0141 0x1f44 Waiting for KSN requests completion. In queue: 39
09:59:54.0142 0x1f44 Waiting for KSN requests completion. In queue: 39
09:59:54.0830 0x0840 Object required for P2P: [ 2010CA459E5EC8F9D5FC8B000D130294 ] C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
09:59:55.0142 0x1f44 Waiting for KSN requests completion. In queue: 3
09:59:56.0158 0x1f44 Waiting for KSN requests completion. In queue: 3
09:59:57.0158 0x1f44 Waiting for KSN requests completion. In queue: 3
09:59:57.0549 0x0840 Object send P2P result: true
09:59:58.0174 0x1f44 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
09:59:58.0190 0x1f44 Win FW state via NFP2: enabled ( trusted )
10:00:00.0691 0x1f44 ============================================================
10:00:00.0691 0x1f44 Scan finished
10:00:00.0691 0x1f44 ============================================================
10:00:00.0706 0x114c Detected object count: 0
10:00:00.0706 0x114c Actual detected object count: 0
10:03:05.0555 0x00ec ============================================================
10:03:05.0555 0x00ec Scan started
10:03:05.0555 0x00ec Mode: Manual;
10:03:05.0555 0x00ec ============================================================
10:03:05.0555 0x00ec KSN ping started
10:03:07.0909 0x00ec KSN ping finished: true
10:03:10.0098 0x00ec ================ Scan system memory ========================
10:03:10.0098 0x00ec System memory - ok
10:03:10.0098 0x00ec ================ Scan services =============================
10:03:12.0504 0x00ec Serial - ok
10:03:12.0504 0x00ec sermouse - ok
10:03:12.0504 0x00ec SessionEnv - ok
10:03:12.0504 0x00ec sfloppy - ok
10:03:12.0504 0x00ec SharedAccess - ok
10:03:12.0519 0x00ec ShellHWDetection - ok
10:03:12.0519 0x00ec SiSRaid2 - ok
10:03:12.0519 0x00ec SiSRaid4 - ok
10:03:12.0519 0x00ec smphost - ok
10:03:12.0519 0x00ec SmsRouter - ok
10:03:12.0535 0x00ec SNMPTRAP - ok
10:03:12.0535 0x00ec spaceport - ok
10:03:12.0535 0x00ec SpbCx - ok
10:03:12.0535 0x00ec Spooler - ok
10:03:12.0535 0x00ec sppsvc - ok
10:03:12.0535 0x00ec srv - ok
10:03:12.0535 0x00ec srv2 - ok
10:03:12.0550 0x00ec srvnet - ok
10:03:12.0550 0x00ec SSDPSRV - ok
10:03:12.0550 0x00ec SstpSvc - ok
10:03:12.0550 0x00ec [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
10:03:12.0566 0x00ec ssudmdm - ok
10:03:12.0566 0x00ec StateRepository - ok
10:03:12.0566 0x00ec stexstor - ok
10:03:12.0566 0x00ec [ 2834415C4EDD6CE35CB3CFEC50E08469, 28426616C709457DF38B5E2B4B9666C1255B81D2097589A95AAABD1BFACD302A ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
10:03:12.0566 0x00ec StillCam - ok
10:03:12.0566 0x00ec stisvc - ok
10:03:12.0566 0x00ec storahci - ok
10:03:12.0566 0x00ec storflt - ok
10:03:12.0582 0x00ec stornvme - ok
10:03:12.0582 0x00ec storqosflt - ok
10:03:12.0582 0x00ec StorSvc - ok
10:03:12.0582 0x00ec storufs - ok
10:03:12.0582 0x00ec storvsc - ok
10:03:12.0582 0x00ec svsvc - ok
10:03:12.0597 0x00ec swenum - ok
10:03:12.0597 0x00ec swprv - ok
10:03:12.0597 0x00ec Synth3dVsc - ok
10:03:12.0597 0x00ec SysMain - ok
10:03:12.0597 0x00ec SystemEventsBroker - ok
10:03:12.0597 0x00ec TabletInputService - ok
10:03:12.0597 0x00ec TapiSrv - ok
10:03:12.0613 0x00ec Tcpip - ok
10:03:12.0613 0x00ec Tcpip6 - ok
10:03:12.0613 0x00ec tcpipreg - ok
10:03:12.0613 0x00ec tdx - ok
10:03:12.0613 0x00ec terminpt - ok
10:03:12.0629 0x00ec TermService - ok
10:03:12.0629 0x00ec Themes - ok
10:03:12.0629 0x00ec TieringEngineService - ok
10:03:12.0629 0x00ec tiledatamodelsvc - ok
10:03:12.0629 0x00ec TimeBroker - ok
10:03:12.0629 0x00ec TPM - ok
10:03:12.0629 0x00ec TrkWks - ok
10:03:12.0644 0x00ec [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight C:\Windows\System32\drivers\TrueSight.sys
10:03:12.0644 0x00ec TrueSight - ok
10:03:12.0644 0x00ec TrustedInstaller - ok
10:03:12.0644 0x00ec tsusbflt - ok
10:03:12.0644 0x00ec TsUsbGD - ok
10:03:12.0644 0x00ec tunnel - ok
10:03:12.0660 0x00ec tzautoupdate - ok
10:03:12.0660 0x00ec uagp35 - ok
10:03:12.0660 0x00ec UASPStor - ok
10:03:12.0660 0x00ec UcmCx0101 - ok
10:03:12.0660 0x00ec UcmUcsi - ok
10:03:12.0660 0x00ec Ucx01000 - ok
10:03:12.0660 0x00ec UdeCx - ok
10:03:12.0660 0x00ec udfs - ok
10:03:12.0675 0x00ec UEFI - ok
10:03:12.0675 0x00ec Ufx01000 - ok
10:03:12.0675 0x00ec UfxChipidea - ok
10:03:12.0675 0x00ec ufxsynopsys - ok
10:03:12.0675 0x00ec UI0Detect - ok
10:03:12.0691 0x00ec uliagpkx - ok
10:03:12.0691 0x00ec umbus - ok
10:03:12.0691 0x00ec UmPass - ok
10:03:12.0691 0x00ec UmRdpService - ok
10:03:12.0691 0x00ec UnistoreSvc - ok
10:03:12.0691 0x00ec upnphost - ok
10:03:12.0691 0x00ec UrsChipidea - ok
10:03:12.0707 0x00ec UrsCx01000 - ok
10:03:12.0707 0x00ec UrsSynopsys - ok
10:03:12.0707 0x00ec [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys
10:03:12.0707 0x00ec USBAAPL64 - ok
10:03:12.0707 0x00ec usbccgp - ok
10:03:12.0707 0x00ec usbcir - ok
10:03:12.0722 0x00ec usbehci - ok
10:03:12.0722 0x00ec usbhub - ok
10:03:12.0722 0x00ec USBHUB3 - ok
10:03:12.0722 0x00ec usbohci - ok
10:03:12.0722 0x00ec usbprint - ok
10:03:12.0722 0x00ec usbser - ok
10:03:12.0722 0x00ec USBSTOR - ok
10:03:12.0738 0x00ec usbuhci - ok
10:03:12.0738 0x00ec USBXHCI - ok
10:03:12.0738 0x00ec UserDataSvc - ok
10:03:12.0738 0x00ec UserManager - ok
10:03:12.0738 0x00ec UsoSvc - ok
10:03:12.0738 0x00ec VaultSvc - ok
10:03:12.0738 0x00ec vdrvroot - ok
10:03:12.0754 0x00ec vds - ok
10:03:12.0754 0x00ec VerifierExt - ok
10:03:12.0754 0x00ec vhdmp - ok
10:03:12.0754 0x00ec vhf - ok
10:03:12.0754 0x00ec vmbus - ok
10:03:12.0754 0x00ec VMBusHID - ok
10:03:12.0754 0x00ec vmicguestinterface - ok
10:03:12.0769 0x00ec vmicheartbeat - ok
10:03:12.0769 0x00ec vmickvpexchange - ok
10:03:12.0769 0x00ec vmicrdv - ok
10:03:12.0769 0x00ec vmicshutdown - ok
10:03:12.0769 0x00ec vmictimesync - ok
10:03:12.0769 0x00ec vmicvmsession - ok
10:03:12.0769 0x00ec vmicvss - ok
10:03:12.0785 0x00ec volmgr - ok
10:03:12.0785 0x00ec volmgrx - ok
10:03:12.0785 0x00ec volsnap - ok
10:03:12.0785 0x00ec vpci - ok
10:03:12.0785 0x00ec vsmraid - ok
10:03:12.0785 0x00ec VSS - ok
10:03:12.0785 0x00ec VSTXRAID - ok
10:03:12.0800 0x00ec vwifibus - ok
10:03:12.0800 0x00ec vwififlt - ok
10:03:12.0800 0x00ec vwifimp - ok
10:03:12.0800 0x00ec W32Time - ok
10:03:12.0800 0x00ec WacomPen - ok
10:03:12.0800 0x00ec WalletService - ok
10:03:12.0800 0x00ec wanarp - ok
10:03:12.0816 0x00ec wanarpv6 - ok
10:03:12.0816 0x00ec wbengine - ok
10:03:12.0816 0x00ec WbioSrvc - ok
10:03:12.0816 0x00ec Wcmsvc - ok
10:03:12.0816 0x00ec wcncsvc - ok
10:03:12.0816 0x00ec WcsPlugInService - ok
10:03:12.0816 0x00ec WdBoot - ok
10:03:12.0832 0x00ec [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM C:\WINDOWS\System32\drivers\wdcsam64.sys
10:03:12.0832 0x00ec WDC_SAM - ok
10:03:12.0832 0x00ec Wdf01000 - ok
10:03:12.0832 0x00ec WdFilter - ok
10:03:12.0832 0x00ec WdiServiceHost - ok
10:03:12.0832 0x00ec WdiSystemHost - ok
10:03:12.0832 0x00ec wdiwifi - ok
10:03:12.0847 0x00ec WdNisDrv - ok
10:03:12.0847 0x00ec WdNisSvc - ok
10:03:12.0847 0x00ec WebClient - ok
10:03:12.0847 0x00ec Wecsvc - ok
10:03:12.0847 0x00ec WEPHOSTSVC - ok
10:03:12.0847 0x00ec wercplsupport - ok
10:03:12.0863 0x00ec WerSvc - ok
10:03:12.0863 0x00ec WFPLWFS - ok
10:03:12.0863 0x00ec WiaRpc - ok
10:03:12.0863 0x00ec WIMMount - ok
10:03:12.0863 0x00ec WinDefend - ok
10:03:12.0863 0x00ec WindowsTrustedRT - ok
10:03:12.0879 0x00ec WindowsTrustedRTProxy - ok
10:03:12.0879 0x00ec WinHttpAutoProxySvc - ok
10:03:12.0879 0x00ec WinMad - ok
10:03:12.0879 0x00ec Winmgmt - ok
10:03:12.0894 0x00ec WinRM - ok
10:03:12.0894 0x00ec WINUSB - ok
10:03:12.0894 0x00ec WinVerbs - ok
10:03:12.0894 0x00ec WlanSvc - ok
10:03:12.0894 0x00ec wlidsvc - ok
10:03:12.0894 0x00ec WmiAcpi - ok
10:03:12.0910 0x00ec wmiApSrv - ok
10:03:12.0910 0x00ec WMPNetworkSvc - ok
10:03:12.0910 0x00ec [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
10:03:12.0910 0x00ec Wof - ok
10:03:12.0925 0x00ec workfolderssvc - ok
10:03:12.0925 0x00ec wpcfltr - ok
10:03:12.0925 0x00ec WPDBusEnum - ok
10:03:12.0925 0x00ec WpdUpFltr - ok
10:03:12.0925 0x00ec WpnService - ok
10:03:12.0925 0x00ec ws2ifsl - ok
10:03:12.0941 0x00ec wscsvc - ok
10:03:12.0941 0x00ec WSDPrintDevice - ok
10:03:12.0941 0x00ec WSDScan - ok
10:03:12.0941 0x00ec WSearch - ok
10:03:12.0941 0x00ec WSService - ok
10:03:12.0941 0x00ec [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys
10:03:12.0957 0x00ec wsvd - ok
10:03:12.0957 0x00ec wuauserv - ok
10:03:12.0957 0x00ec WudfPf - ok
10:03:12.0957 0x00ec WUDFRd - ok
10:03:12.0957 0x00ec wudfsvc - ok
10:03:12.0957 0x00ec WUDFWpdFs - ok
10:03:12.0957 0x00ec WUDFWpdMtp - ok
10:03:12.0972 0x00ec WwanSvc - ok
10:03:12.0972 0x00ec XblAuthManager - ok
10:03:12.0972 0x00ec XblGameSave - ok
10:03:12.0972 0x00ec xboxgip - ok
10:03:12.0972 0x00ec XboxNetApiSvc - ok
10:03:12.0972 0x00ec xinputhid - ok
10:03:12.0972 0x00ec ================ Scan global ===============================
10:03:12.0988 0x00ec [ Global ] - ok
10:03:12.0988 0x00ec ================ Scan MBR ==================================
10:03:12.0988 0x00ec [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
10:03:12.0988 0x00ec \Device\Harddisk0\DR0 - ok
10:03:12.0988 0x00ec [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:03:13.0004 0x00ec \Device\Harddisk1\DR1 - ok
10:03:13.0004 0x00ec [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
10:03:13.0004 0x00ec \Device\Harddisk2\DR2 - ok
10:03:13.0019 0x00ec [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
10:03:13.0019 0x00ec \Device\Harddisk3\DR3 - ok
10:03:13.0035 0x00ec [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk4\DR4
10:03:13.0035 0x00ec \Device\Harddisk4\DR4 - ok
10:03:13.0035 0x00ec [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
10:03:13.0035 0x00ec \Device\Harddisk5\DR5 - ok
10:03:13.0035 0x00ec ================ Scan VBR ==================================
10:03:13.0035 0x00ec [ 0C8FA7E140F2E0BA26CC9E58E0EFBDDC ] \Device\Harddisk0\DR0\Partition1
10:03:13.0050 0x00ec \Device\Harddisk0\DR0\Partition1 - ok
10:03:13.0050 0x00ec [ 062A4C40D2B9486A8B4F0534B0D8EC11 ] \Device\Harddisk0\DR0\Partition2
10:03:13.0050 0x00ec \Device\Harddisk0\DR0\Partition2 - ok
10:03:13.0050 0x00ec [ 7BA4020D01BDE12727AC08179B34EEF2 ] \Device\Harddisk0\DR0\Partition3
10:03:13.0066 0x00ec \Device\Harddisk0\DR0\Partition3 - ok
10:03:13.0066 0x00ec [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
10:03:13.0066 0x00ec \Device\Harddisk0\DR0\Partition4 - ok
10:03:13.0066 0x00ec [ 1AECE37479B4D1E13759DA61BE5A5169 ] \Device\Harddisk0\DR0\Partition5
10:03:13.0066 0x00ec \Device\Harddisk0\DR0\Partition5 - ok
10:03:13.0066 0x00ec [ 709D6268D2CDC4161E745904BECC895F ] \Device\Harddisk0\DR0\Partition6
10:03:13.0066 0x00ec \Device\Harddisk0\DR0\Partition6 - ok
10:03:13.0066 0x00ec [ 74CD9471D8F18D6E8E6A9D668D2FEBB0 ] \Device\Harddisk1\DR1\Partition1
10:03:13.0066 0x00ec \Device\Harddisk1\DR1\Partition1 - ok
10:03:13.0066 0x00ec [ 56A94F02C80039E90636552A3370E776 ] \Device\Harddisk2\DR2\Partition1
10:03:13.0082 0x00ec \Device\Harddisk2\DR2\Partition1 - ok
10:03:13.0082 0x00ec [ 046A5F89B9A5F6B9260F98E8243F6186 ] \Device\Harddisk3\DR3\Partition1
10:03:13.0191 0x00ec \Device\Harddisk3\DR3\Partition1 - ok
10:03:13.0191 0x00ec [ D3C2709979AFE1DB7C447BBAE3111224 ] \Device\Harddisk4\DR4\Partition1
10:03:13.0191 0x00ec \Device\Harddisk4\DR4\Partition1 - ok
10:03:13.0207 0x00ec [ 026BFB11A80EEB52AD075D8DED7D74EA ] \Device\Harddisk5\DR5\Partition1
10:03:13.0207 0x00ec \Device\Harddisk5\DR5\Partition1 - ok
10:03:13.0207 0x00ec ================ Scan generic autorun ======================
10:03:13.0489 0x00ec [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:03:13.0645 0x00ec RtHDVCpl - ok
10:03:13.0692 0x00ec [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:03:13.0712 0x00ec RtHDVBg_Dolby - ok
10:03:13.0726 0x00ec [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:03:13.0742 0x00ec RtHDVBg_LENOVO_MICPKEY - ok
10:03:13.0757 0x00ec [ E6A3062BDB2E18EBDEB69CF7F7A3A070, 48AB0CCA0230DCBB47CCC765659E390A4A42AC7303A27B835B9FBB1168AC7BF1 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
10:03:13.0757 0x00ec IAStorIcon - ok
10:03:13.0757 0x00ec [ ADFCC68B42627055979B26FC00759D17, 5C1C8395A7846E5DDEB6FFE2B37B537DDA4712D62CE05D7EA8B1773C75D46DE6 ] C:\Program Files\iTunes\iTunesHelper.exe
10:03:13.0757 0x00ec iTunesHelper - ok
10:03:13.0757 0x00ec [ 17716C3DD52BF815291D80FAAF329AC7, 3E42FBED89BF8CE6C0EE8C97C050358ED98577BB1DDFA93CDE25F431FC55138E ] C:\windows\jmesoft\hotkey.exe
10:03:13.0773 0x00ec jmekey - ok
10:03:13.0773 0x00ec [ A7464F6ED03611109F435218E424AAB8, 2C582D2E97F5AE97D1FBEC0493DF45A8EAF2D2CA93048556FD11B4AAA09956E6 ] C:\Windows\jmesoft\ServiceLoader.exe
10:03:13.0773 0x00ec jmesoft - ok
10:03:13.0789 0x00ec [ 50299DBA20F8A1735830914777B55932, 7A8864A9FA81BF6C53797B7B8FCC2199B812A7E913D35387A0C5C63C170BAC02 ] C:\Program Files\Lenovo\LVT\LJYZ.exe
10:03:13.0804 0x00ec LVT - ok
10:03:13.0804 0x00ec [ 0B427D9943C838620AFA30CBB24A6D77, 5A98B1405126F79846C810E739E964B11A4397F3DE597991308DB3C6AABB8F81 ] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
10:03:13.0804 0x00ec CLMLServer - ok
10:03:13.0820 0x00ec [ 8F83160C43C61FC6775391B46B7C16BF, 648588126B2CD0B9F50F478BF4F7474137D1285061A3B22B56C1CB5B4FD3C3BF ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
10:03:13.0820 0x00ec UpdateP2GoShortCut - ok
10:03:13.0820 0x00ec [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
10:03:13.0820 0x00ec RemoteControl10 - ok
10:03:13.0836 0x00ec [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
10:03:13.0851 0x00ec PDFHook - ok
10:03:13.0851 0x00ec [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
10:03:13.0851 0x00ec PDF5 Registry Controller - ok
10:03:13.0867 0x00ec [ C1CDB7E522CB926136A38A3BD1CECDCE, 5A69A9A41360444584EE4AB8AA7ADD137F8D8B29BE3C0AD63EDA91BD741A2590 ] C:\Program Files (x86)\Nova Development\Print Artist Platinum 25\ReminderApp.exe
10:03:13.0867 0x00ec ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 - ok
10:03:13.0883 0x00ec [ 8FB487DE828538CEFE4315B0F715CCE1, AA2EB87874524C21C8FCE48C37B0BEEA4978E6238AA45C8EE960733AC4BFB8A7 ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
10:03:13.0883 0x00ec IndexSearch - ok
10:03:13.0883 0x00ec [ C0BF703A497846AB8976F26D44701E0F, 5F716EE857E6C3D678608E615AFC7E11DB2D6760004618729CBF71FD5321EEB6 ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
10:03:13.0883 0x00ec PaperPort PTD - ok
10:03:13.0898 0x00ec [ 25550E7DB114579EB50BC98A8DFD8B9F, 11F81387B6EE44FBE4DCF251A0D4AFF3E84C550BACCA39B71B41B452D512628B ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
10:03:13.0898 0x00ec ControlCenter4 - ok
10:03:14.0008 0x00ec [ A12927788DE1555B598DFD16B4FA3F8B, 57B36F188FC212D73CFBE6431FC5095BAB3C189D04D34CA428801F6823636DFA ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
10:03:14.0054 0x00ec BrStsMon00 - ok
10:03:14.0101 0x00ec [ CCD7E282045AB48CEA58AA2E2A715362, 87952B5BD23F451DB5A17B280B4047E41AEF37DEB0B8FECDA48D6F1F9C7DE866 ] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
10:03:14.0117 0x00ec BrHelp - ok
10:03:14.0133 0x00ec [ 1A0270C4612B8A93C3D29BA405BA55F3, 7E2D893DABD0921F25496086560F0BA7B9045A9ADE27361FBFECCE1CDA01FC2B ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
10:03:14.0148 0x00ec SunJavaUpdateSched - ok
10:03:14.0195 0x00ec OneDriveSetup - ok
10:03:14.0195 0x00ec OneDriveSetup - ok
10:03:14.0258 0x00ec [ 2010CA459E5EC8F9D5FC8B000D130294, 058FF215A3AAD04F2A4CF23B2CC62A5EA28F5A705EFA689DCE9126720CF33229 ] C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
10:03:14.0273 0x00ec OneDrive - ok
10:03:14.0273 0x00ec Object required for P2P: [ 2010CA459E5EC8F9D5FC8B000D130294 ] C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
10:03:16.0901 0x00ec Object send P2P result: true
10:03:17.0010 0x00ec [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
10:03:17.0057 0x00ec DAEMON Tools Lite - ok
10:03:17.0057 0x00ec [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
10:03:17.0073 0x00ec ISUSPM - ok
10:03:17.0135 0x00ec Uninstall C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
10:03:17.0151 0x00ec AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
10:03:17.0151 0x00ec Win FW state via NFP2: enabled ( trusted )
10:03:19.0617 0x00ec ============================================================
10:03:19.0617 0x00ec Scan finished
10:03:19.0617 0x00ec ============================================================
10:03:19.0617 0x1e54 Detected object count: 0
10:03:19.0617 0x1e54 Actual detected object count: 0

#13 olgun52


Posted 01 February 2016 - 03:38 PM

Hi madmusic36,

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP][File] C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk [LNK@] C:\Program Files (x86)\MiPony\MiPony.exe -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

====================================================================
 
Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET online scan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================
How is the machine running now, and are there any issues? Please let me know.


Best regards
 

#14 madmusic36


Posted 04 February 2016 - 09:57 AM

The safesear.ch is gone, thank you, but system is running slow.

#15 olgun52


Posted 04 February 2016 - 05:23 PM

"The safesear.ch is gone, thank you, but system is running slow."

Please post the ESET scan log.

Then restart the PC and send fresh FRST logs for me to check.


Best regards
 