Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojan agent keeps returning after being cleaned


  • This topic is locked This topic is locked
31 replies to this topic

#1 larry-ark

larry-ark

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 23 March 2016 - 12:01 PM

This lap top pc has been on the shelf for awile because of malware. I cleaned and tried to run it but it kept bsoding and would only run about a min. I had the mini dump read and was advised to come here to try some removal logs. Thanks for all help. larry

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Tosha (administrator) on TOSHA-HP (23-03-2016 11:40:24)
Running from C:\Users\Tosha\Desktop
Loaded Profiles: Tosha (Available Profiles: Tosha)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\svchost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2016-03-21] (Easybits)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Run: [Google Update] => C:\Users\Tosha\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-21] (Google Inc.)
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Run: [Facebook Update] => C:\Users\Tosha\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-10] (Facebook Inc.)
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Run: [GoogleChromeAutoLaunch_43D5A6939F03DD04BB4E947A2213D7A7] => C:\Users\Tosha\AppData\Local\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Policies\system: [DisableChangePassword] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-16] (EasyBits Software Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{AE871615-B54E-45E5-9021-2A4C55B898AF}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {6ADF5890-B68E-4664-B91D-374BBDA97046} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6ADF5890-B68E-4664-B91D-374BBDA97046} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1306225438-342258371-4147660141-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-22] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-16] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-22] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-16] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-22] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1306225438-342258371-4147660141-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-16] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-10] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-16] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-1306225438-342258371-4147660141-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tosha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1306225438-342258371-4147660141-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tosha\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-1306225438-342258371-4147660141-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tosha\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-21] (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (registryAccess) - C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.2.19441_0\background/registryAccess.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-21]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 UpdaterService; "C:\ProgramData\UpdaterService\wsupdsvc.exe" /SERVICE [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-23] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 11:40 - 2016-03-23 11:40 - 00015664 _____ C:\Users\Tosha\Desktop\FRST.txt
2016-03-23 11:40 - 2016-03-23 11:40 - 00000000 ____D C:\FRST
2016-03-23 11:36 - 2016-03-23 11:36 - 02374144 _____ (Farbar) C:\Users\Tosha\Desktop\FRST64.exe
2016-03-23 10:36 - 2016-03-23 10:36 - 00262144 _____ C:\Windows\Minidump\032316-17175-01.dmp
2016-03-23 10:29 - 2016-03-23 10:30 - 00262144 _____ C:\Windows\Minidump\032316-35084-01.dmp
2016-03-23 10:28 - 2009-07-13 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
2016-03-23 09:49 - 2016-03-23 09:49 - 00262144 _____ C:\Windows\Minidump\032316-27534-01.dmp
2016-03-23 09:48 - 2016-03-23 09:48 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-23 09:45 - 2016-03-23 09:45 - 00266288 _____ C:\Windows\Minidump\032316-29062-01.dmp
2016-03-23 09:30 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-23 09:30 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-23 09:30 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-23 09:30 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-23 09:30 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-23 09:30 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-23 09:30 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-23 09:30 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-23 09:30 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-23 09:30 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-23 09:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-23 09:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-23 09:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-23 09:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-23 08:36 - 2016-03-23 08:36 - 00002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-03-23 08:36 - 2016-03-23 08:36 - 00002120 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-03-23 08:36 - 2016-03-23 08:36 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-03-22 20:30 - 2016-03-22 20:30 - 00262144 _____ C:\Windows\Minidump\032216-25381-01.dmp
2016-03-22 20:20 - 2016-03-22 20:21 - 00262144 _____ C:\Windows\Minidump\032216-33789-01.dmp
2016-03-22 20:12 - 2016-03-22 20:12 - 00262144 _____ C:\Windows\Minidump\032216-28626-01.dmp
2016-03-22 20:08 - 2016-03-22 20:08 - 00262144 _____ C:\Windows\Minidump\032216-36473-01.dmp
2016-03-22 20:00 - 2016-03-22 20:01 - 00262144 _____ C:\Windows\Minidump\032216-33181-01.dmp
2016-03-22 18:13 - 2016-03-22 18:13 - 00000000 _____ C:\Users\Tosha\AppData\Local\{6734EE2F-386C-4302-8F55-9823C87DE5AF}
2016-03-22 18:11 - 2016-03-22 18:11 - 00262144 _____ C:\Windows\Minidump\032216-34725-01.dmp
2016-03-22 16:06 - 2016-03-22 16:06 - 00262144 _____ C:\Windows\Minidump\032216-34679-01.dmp
2016-03-22 15:29 - 2016-03-22 15:29 - 00262144 _____ C:\Windows\Minidump\032216-20248-01.dmp
2016-03-22 15:26 - 2016-03-22 15:26 - 00262144 _____ C:\Windows\Minidump\032216-20498-01.dmp
2016-03-22 14:49 - 2016-03-22 14:49 - 00262144 _____ C:\Windows\Minidump\032216-21512-01.dmp
2016-03-22 14:45 - 2016-03-22 14:45 - 00262144 _____ C:\Windows\Minidump\032216-21216-01.dmp
2016-03-22 13:42 - 2016-03-22 13:42 - 01995586 _____ C:\Users\Tosha\Documents\SysnativeFileCollectionApp.zip
2016-03-22 13:36 - 2016-03-22 13:38 - 00000000 ____D C:\Users\Tosha\Documents\SysnativeFileCollectionApp
2016-03-22 13:35 - 2016-03-22 13:36 - 00158720 _____ (Sysnative) C:\Users\Tosha\Downloads\SysnativeBSODCollectionApp.exe
2016-03-22 13:15 - 2016-03-22 13:15 - 00262144 _____ C:\Windows\Minidump\032216-19063-01.dmp
2016-03-22 12:31 - 2016-03-22 12:31 - 00262144 _____ C:\Windows\Minidump\032216-34445-01.dmp
2016-03-22 09:44 - 2016-03-22 09:44 - 01805141 _____ C:\Users\Tosha\Desktop\TOSHA-HP-Tue_03_22_2016__94047_13.zip
2016-03-22 09:40 - 2016-03-22 09:44 - 00000000 ____D C:\Users\Tosha\Desktop\SFdebugFiles
2016-03-22 09:19 - 2016-03-22 09:19 - 00262144 _____ C:\Windows\Minidump\032216-19141-01.dmp
2016-03-21 22:16 - 2016-03-21 22:16 - 00262144 _____ C:\Windows\Minidump\032116-18595-01.dmp
2016-03-21 21:29 - 2016-03-23 11:15 - 01129406 _____ C:\Windows\ntbtlog.txt
2016-03-21 21:29 - 2016-03-21 21:29 - 00262144 _____ C:\Windows\Minidump\032116-20716-01.dmp
2016-03-21 20:30 - 2016-03-21 20:30 - 00262144 _____ C:\Windows\Minidump\032116-35817-01.dmp
2016-03-21 20:26 - 2016-03-23 10:36 - 388753996 _____ C:\Windows\MEMORY.DMP
2016-03-21 20:26 - 2016-03-21 20:26 - 00262144 _____ C:\Windows\Minidump\032116-37206-01.dmp
2016-03-21 19:51 - 2016-03-22 15:53 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-21 19:51 - 2016-03-21 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-21 19:51 - 2016-03-21 19:51 - 00000000 ____D C:\Program Files\CCleaner
2016-03-21 17:22 - 2016-03-21 17:22 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-21 17:09 - 2016-03-21 20:31 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2016-03-21 15:59 - 2016-03-21 16:48 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-21 15:13 - 2016-03-23 10:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-21 15:13 - 2016-03-21 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-21 15:12 - 2016-03-21 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-21 15:12 - 2016-03-21 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-21 15:12 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-21 15:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-21 15:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-21 14:50 - 2016-03-21 14:50 - 00000000 __SHD C:\found.004
2016-03-21 14:38 - 2016-03-21 14:40 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 11:16 - 2009-07-14 00:13 - 00005388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-23 10:36 - 2011-12-18 21:50 - 00000000 ____D C:\Windows\Minidump
2016-03-23 10:35 - 2011-12-14 14:19 - 00000410 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2016-03-23 10:35 - 2011-12-14 14:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-23 10:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-23 10:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-23 10:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-23 10:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\schemas
2016-03-23 09:31 - 2011-11-04 14:02 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{403A6F54-840C-4FED-B2B3-1BF518F62127}
2016-03-23 08:47 - 2011-12-14 14:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 08:42 - 2011-11-07 19:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA.job
2016-03-23 08:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-22 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-21 21:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-03-21 20:10 - 2011-11-14 23:13 - 00000000 ____D C:\Users\Tosha\AppData\Local\CrashDumps
2016-03-21 20:10 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2016-03-21 19:15 - 2011-08-25 15:24 - 00000000 ____D C:\ProgramData\Norton
2016-03-21 19:09 - 2011-12-14 14:11 - 00000000 ____D C:\ProgramData\Yahoo!
2016-03-21 19:09 - 2011-12-14 14:10 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-03-21 18:38 - 2011-11-04 13:56 - 00000000 ____D C:\Users\Tosha
2016-03-21 18:34 - 2011-04-16 20:39 - 00000000 ____D C:\ProgramData\RoxioNow
2016-03-21 18:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 18:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-03-21 16:45 - 2011-11-07 19:32 - 00002334 _____ C:\Users\Tosha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-21 16:45 - 2011-11-07 19:32 - 00002326 _____ C:\Users\Tosha\Desktop\Google Chrome.lnk
2016-03-21 16:42 - 2011-12-14 14:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-21 16:42 - 2011-12-14 14:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-21 16:42 - 2011-11-07 19:31 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000Core.job
2016-03-21 16:37 - 2011-11-07 19:31 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA
2016-03-21 16:37 - 2011-11-07 19:31 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000Core
2016-03-21 16:35 - 2011-12-14 14:12 - 00000000 ____D C:\Users\Tosha\AppData\Local\WeatherBug
2016-03-21 16:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2016-03-21 14:40 - 2011-12-14 14:10 - 00000000 ____D C:\Users\Tosha\AppData\LocalLow\Yahoo!
2016-03-21 14:10 - 2012-10-10 22:22 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA.job

==================== Files in the root of some directories =======

2012-10-31 18:08 - 2012-10-31 18:08 - 0000000 _____ () C:\Users\Tosha\AppData\Roaming\Microsoft\1D4F.tmp
2016-03-22 18:13 - 2016-03-22 18:13 - 0000000 _____ () C:\Users\Tosha\AppData\Local\{6734EE2F-386C-4302-8F55-9823C87DE5AF}
2011-12-26 00:45 - 2011-12-26 00:45 - 0000000 _____ () C:\Users\Tosha\AppData\Local\{CCEAB74C-8D10-42B4-8441-8CBCD8A93695}
2012-01-07 01:55 - 2012-01-07 01:55 - 0000000 _____ () C:\ProgramData\bcf42c9ab636d423aee9663644977d40_c
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Some files in TEMP:
====================
C:\Users\Tosha\AppData\Local\Temp\ddvibukn.dll
C:\Users\Tosha\AppData\Local\Temp\fuqulqnc.dll
C:\Users\Tosha\AppData\Local\Temp\HitmanPro.exe
C:\Users\Tosha\AppData\Local\Temp\nnpbddsf.dll
C:\Users\Tosha\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-21 14:33

==================== End of FRST.txt ============================

 

 

 

 

Attached File  Addition.txt   26.3KB   2 downloads

Attached Files

  • Attached File  FRST.txt   27.48KB   3 downloads

Edited by larry-ark, 23 March 2016 - 12:09 PM.


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 23 March 2016 - 04:01 PM

Hello larry-ark and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

 

 

I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.
 
Sincerely
:hello:

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 23 March 2016 - 04:35 PM

Hello Yilmaz thanks for the help. larry



#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 23 March 2016 - 06:57 PM

Hi larry-ark,

Please unistall:
Bing Bar
Coupon Printer for Windows


And PC restart.

=======================================================

 

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   6.07KB   13 downloads  and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.

Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 23 March 2016 - 07:28 PM

yilmaz I have only been able to run in safe mode I was unable to uninstall bing bar because the uninstall would not work. When I restart the pc it blue screens after a min of booting and just loops. so i run it in safe mode

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Tosha (2016-03-23 19:53:42) Run:1
Running from C:\Users\Tosha\Desktop
Loaded Profiles: Tosha (Available Profiles: Tosha)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {1C343B67-0533-4DAF-9924-F3324874CE6F} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {55B7E0A3-7296-49D0-AD86-1A444307DCE8} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {B98C5B71-06E5-4DD5-A206-8864E0BA0602} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe
Task: {BD583D01-7C0E-41C4-A740-BE2C57B53BC2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTosha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\...\Policies\system: [DisableChangePassword] 0
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {6ADF5890-B68E-4664-B91D-374BBDA97046} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6ADF5890-B68E-4664-B91D-374BBDA97046} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1306225438-342258371-4147660141-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1306225438-342258371-4147660141-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (registryAccess) - C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.2.19441_0\background/registryAccess.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
C:\Windows\Minidump /s
2016-03-23 10:35 - 2011-12-14 14:19 - 00000410 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2016-03-23 10:35 - 2011-12-14 14:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 19:15 - 2011-08-25 15:24 - 00000000 ____D C:\ProgramData\Norton
2016-03-21 19:09 - 2011-12-14 14:11 - 00000000 ____D C:\ProgramData\Yahoo!
2016-03-21 19:09 - 2011-12-14 14:10 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-03-21 14:40 - 2011-12-14 14:10 - 00000000 ____D C:\Users\Tosha\AppData\LocalLow\Yahoo!
2016-03-21 14:10 - 2012-10-10 22:22 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA.job
C:\Users\Tosha\AppData\Roaming\Microsoft\1D4F.tmp
2012-01-07 01:55 - 2012-01-07 01:55 - 0000000 _____ () C:\ProgramData\bcf42c9ab636d423aee9663644977d40_c
C:\Windows\svchost.exe
CMD: bootrec /FixMBR
ATTENTION ====> Check for partition/boot infection.
C:\Users\Tosha\AppData\Local\Temp\ddvibukn.dll
C:\Users\Tosha\AppData\Local\Temp\fuqulqnc.dll
C:\Users\Tosha\AppData\Local\Temp\HitmanPro.exe
C:\Users\Tosha\AppData\Local\Temp\nnpbddsf.dll
C:\Users\Tosha\AppData\Local\Temp\sqlite3.dll
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
Reboot:
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C343B67-0533-4DAF-9924-F3324874CE6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C343B67-0533-4DAF-9924-F3324874CE6F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55B7E0A3-7296-49D0-AD86-1A444307DCE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B7E0A3-7296-49D0-AD86-1A444307DCE8}" => key removed successfully
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B98C5B71-06E5-4DD5-A206-8864E0BA0602}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B98C5B71-06E5-4DD5-A206-8864E0BA0602}" => key removed successfully
C:\Windows\System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Processor 18.7.2.3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD583D01-7C0E-41C4-A740-BE2C57B53BC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD583D01-7C0E-41C4-A740-BE2C57B53BC2}" => key removed successfully
C:\Windows\System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Symantec\Norton Error Analyzer 18.7.2.3" => key removed successfully
C:\Windows\Tasks\HPCeeScheduleForTosha.job => moved successfully
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => moved successfully
C:\Windows\system32\Drivers\etc\hosts => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ADF5890-B68E-4664-B91D-374BBDA97046}" => key removed successfully
HKCR\CLSID\{6ADF5890-B68E-4664-B91D-374BBDA97046} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6ADF5890-B68E-4664-B91D-374BBDA97046}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6ADF5890-B68E-4664-B91D-374BBDA97046} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully
HKU\S-1-5-21-1306225438-342258371-4147660141-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => not found.
C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Tosha\AppData\Local\Google\Chrome\Application\49.0.2623.87\pdf.dll => not found.
C:\Users\Tosha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.2.19441_0\background/registryAccess.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => key removed successfully
"C:\Windows\Minidump /s" => not found.
"C:\Windows\Tasks\PC Optimizer Pro64 startups.job" => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\Norton => moved successfully
C:\ProgramData\Yahoo! => moved successfully
C:\Program Files (x86)\Yahoo! => moved successfully
C:\Users\Tosha\AppData\LocalLow\Yahoo! => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA.job => moved successfully
C:\Users\Tosha\AppData\Roaming\Microsoft\1D4F.tmp => moved successfully
C:\ProgramData\bcf42c9ab636d423aee9663644977d40_c => moved successfully
C:\Windows\svchost.exe => moved successfully

=========  bootrec /FixMBR =========

'bootrec' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

ATTENTION ====> Check for partition/boot infection. => Error: No automatic fix found for this entry.
C:\Users\Tosha\AppData\Local\Temp\ddvibukn.dll => moved successfully
C:\Users\Tosha\AppData\Local\Temp\fuqulqnc.dll => moved successfully
C:\Users\Tosha\AppData\Local\Temp\HitmanPro.exe => moved successfully
C:\Users\Tosha\AppData\Local\Temp\nnpbddsf.dll => moved successfully
C:\Users\Tosha\AppData\Local\Temp\sqlite3.dll => moved successfully

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => 1.1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:07:20 ====


Edited by larry-ark, 23 March 2016 - 08:22 PM.


#6 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 23 March 2016 - 08:36 PM

zemana will not run in safe mode so I am unable to do this.



#7 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 24 March 2016 - 06:01 PM

Okay. Thank you.

 

Boot to Safemode with Networking or safemode

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 
next....

Please download Malwarebytes Anti-Malware to your desktop.

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs ''PUPs'' are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

==================================================
Next, download ComboFix Save to the Desktop

  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 


Edited by olgun52, 24 March 2016 - 06:06 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 24 March 2016 - 08:15 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/24/2016
Scan Time: 7:48 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.24.06
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tosha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345964
Time Elapsed: 12 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Agent, C:\Windows\svchost.exe, 1764, , [059103887425f541e9b51743d72ca759]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Windows\svchost.exe, , [059103887425f541e9b51743d72ca759],

Physical Sectors: 3
Rootkit.Pihar.c.MBR, Physical Sector #13 on Drive #0, , [53343e92f0bca61cfa4e7b2c1f3cac06],
Rootkit.Pihar.c.MBR, Master Boot Record on Drive #0, , [30b850bc6320217cad7e61b69d3d9f58],
Forged physical sector, Physical Sector #976772624 on Drive #0, , [bf619eac0cdf3f68d496ea9344137e8b],

(end)



#9 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 24 March 2016 - 08:41 PM

ComboFix 16-03-19.01 - Tosha 03/24/2016  20:32:03.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.3253 [GMT -5:00]
Running from: c:\users\Tosha\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-25 to 2016-03-25  )))))))))))))))))))))))))))))))
.
.
2016-03-25 01:36 . 2016-03-25 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-25 01:10 . 2016-03-25 01:10 79064 ----a-w- c:\windows\system32\drivers\esfbl.sys
2016-03-24 01:29 . 2016-03-24 01:29 -------- d-----w- c:\users\Tosha\AppData\Local\Zemana
2016-03-23 16:40 . 2016-03-24 01:11 -------- d-----w- C:\FRST
2016-03-23 14:07 . 2016-03-10 17:51 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D8D96D7-CA73-4C88-895B-ABA33179D4F1}\mpengine.dll
2016-03-23 13:36 . 2016-03-23 13:36 -------- d-----w- c:\program files (x86)\Belarc
2016-03-21 22:22 . 2016-03-21 22:22 -------- d-----w- c:\program files\Common Files\AV
2016-03-21 22:09 . 2016-03-22 01:31 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP
2016-03-21 20:59 . 2016-03-21 21:48 -------- d-----w- c:\programdata\HitmanPro
2016-03-21 20:13 . 2016-03-25 00:48 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-21 20:12 . 2016-03-21 20:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-21 20:12 . 2016-03-21 20:12 -------- d-----w- c:\programdata\Malwarebytes
2016-03-21 20:12 . 2016-03-10 19:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-21 20:12 . 2016-03-10 19:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-21 20:12 . 2016-03-10 19:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-21 20:11 . 2016-03-21 20:11 -------- d-----w- c:\users\Tosha\AppData\Local\Programs
2016-03-21 19:50 . 2016-03-21 19:50 -------- d-----w- C:\found.004
2016-03-21 19:38 . 2016-03-21 19:40 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-21 23:38 . 2010-06-24 18:33 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_43D5A6939F03DD04BB4E947A2213D7A7"="c:\users\Tosha\AppData\Local\Google\Chrome\Application\chrome.exe" [2016-03-08 874136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-18 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2016-03-22 1444880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 UpdaterService;WhiteSmoke Updater Service;c:\programdata\UpdaterService\wsupdsvc.exe;c:\programdata\UpdaterService\wsupdsvc.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000Core.job
- c:\users\Tosha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-11 03:22]
.
2016-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 21:41]
.
2016-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000Core.job
- c:\users\Tosha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 21:36]
.
2016-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1306225438-342258371-4147660141-1000UA.job
- c:\users\Tosha\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 21:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMSwissArmy
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{167D9323-F7CC-48F5-948A-6F012831A69F}"=hex:51,66,7a,6c,4c,1d,38,12,4d,90,6e,
   12,fe,b9,9b,0d,eb,9c,2c,41,2d,6f,e2,8b
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
   5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
   06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5AB7104A-B71F-49AD-9154-F7F8806AE848}"=hex:51,66,7a,6c,4c,1d,38,12,24,13,a4,
   5e,2d,f9,c3,0c,ee,42,b4,b8,85,34,ac,5c
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
   6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}"=hex:51,66,7a,6c,4c,1d,38,12,ae,93,7e,
   f9,dc,a8,a8,0e,c6,e1,dd,93,1c,37,c4,13
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,a7,45,94,97,7d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-24  20:38:50
ComboFix-quarantined-files.txt  2016-03-25 01:38
.
Pre-Run: 426,932,252,672 bytes free
Post-Run: 426,590,584,832 bytes free
.
- - End Of File - - 2F8F682758C17FD3F4959F1F836ECCD5
 



#10 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 24 March 2016 - 09:18 PM

G'nite, see you tomorrow


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 24 March 2016 - 09:37 PM

Good night 



#12 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 25 March 2016 - 05:37 PM

Hi again,

 

I do not see Rkill report .Please post.

=====================================

 

Step 1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware softwares
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: The MBAR folder in the list you find.
:step4: Click once. :step5:  Now click the OK button. :step6: Click the OK button again.

Ashampoo_Snap_2015.05.21_21h16m53s_002__
 
:step7: Then Next and click on the Uptade button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • Could not load protection driver'. Click 'OK'.
  • Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Step 3:
Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 March 2016 - 06:51 PM

Hi   This pc is now staying running with no bsod loop so I am now able to be posting and running in normal windows mode ... thats a good thing.

 

 

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/24/2016 07:38:38 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/24/2016 07:40:47 PM
Execution time: 0 hours(s), 2 minute(s), and 9 seconds(s)



#14 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 March 2016 - 08:56 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.25.04
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tosha :: TOSHA-HP [administrator]

3/25/2016 7:38:48 PM
mbar-log-2016-03-25 (19-38-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360046
Time elapsed: 49 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.127000 GHz
Memory total: 4083007488, free: 278024192

Downloaded database version: v2016.03.25.04
Downloaded database version: v2016.03.12.01
Downloaded database version: v2016.03.24.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/25/2016 19:37:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\ole32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.03.25.04
  rootkit: v2016.03.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005131730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005132040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005131730, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004f93050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AF6BEC14

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 945358848
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 945768448  Numsec = 30791680
    Partition is bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-945768448-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#15 larry-ark

larry-ark
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 25 March 2016 - 10:34 PM

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tosha [Administrator]
Started from : C:\Users\Tosha\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/25/2016 21:27:21

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] mdhpSUN.exe(3812) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe[x] -> Found

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UpdaterService ("C:\ProgramData\UpdaterService\wsupdsvc.exe" /SERVICE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UpdaterService ("C:\ProgramData\UpdaterService\wsupdsvc.exe" /SERVICE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UpdaterService ("C:\ProgramData\UpdaterService\wsupdsvc.exe" /SERVICE) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM501II +++++
--- User ---
[MBR] 30b850bc6320217cad7e61b69d3d9f58
[BSP] 4e9ddcbabe3d494e60d0b632ff2e1179 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461601 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945768448 | Size: 15035 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


22:20:40.0642 0x13fc  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:20:58.0706 0x13fc  ============================================================
22:20:58.0706 0x13fc  Current date / time: 2016/03/25 22:20:58.0706
22:20:58.0706 0x13fc  SystemInfo:
22:20:58.0706 0x13fc 
22:20:58.0706 0x13fc  OS Version: 6.1.7601 ServicePack: 1.0
22:20:58.0706 0x13fc  Product type: Workstation
22:20:58.0706 0x13fc  ComputerName: TOSHA-HP
22:20:58.0706 0x13fc  UserName: Tosha
22:20:58.0706 0x13fc  Windows directory: C:\Windows
22:20:58.0706 0x13fc  System windows directory: C:\Windows
22:20:58.0706 0x13fc  Running under WOW64
22:20:58.0706 0x13fc  Processor architecture: Intel x64
22:20:58.0706 0x13fc  Number of processors: 2
22:20:58.0706 0x13fc  Page size: 0x1000
22:20:58.0706 0x13fc  Boot type: Normal boot
22:20:58.0706 0x13fc  ============================================================
22:20:58.0862 0x13fc  KLMD registered as C:\Windows\system32\drivers\18053427.sys
22:20:59.0128 0x13fc  System UUID: {C7A2572E-F046-712C-BCA3-7AB72B88A54E}
22:20:59.0658 0x13fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:59.0674 0x13fc  ============================================================
22:20:59.0674 0x13fc  \Device\Harddisk0\DR0:
22:20:59.0674 0x13fc  MBR partitions:
22:20:59.0674 0x13fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:20:59.0674 0x13fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38590800
22:20:59.0674 0x13fc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x385F4800, BlocksNum 0x1D5D800
22:20:59.0674 0x13fc  ============================================================
22:20:59.0689 0x13fc  C: <-> \Device\Harddisk0\DR0\Partition2
22:20:59.0736 0x13fc  D: <-> \Device\Harddisk0\DR0\Partition3
22:20:59.0752 0x13fc  ============================================================
22:20:59.0752 0x13fc  Initialize success
22:20:59.0752 0x13fc  ============================================================
22:21:04.0884 0x0df8  ============================================================
22:21:04.0884 0x0df8  Scan started
22:21:04.0884 0x0df8  Mode: Manual;
22:21:04.0884 0x0df8  ============================================================
22:21:04.0884 0x0df8  KSN ping started
22:21:39.0188 0x0df8  KSN ping finished: true
22:21:39.0703 0x0df8  ================ Scan system memory ========================
22:21:39.0703 0x0df8  System memory - ok
22:21:39.0703 0x0df8  ================ Scan services =============================
22:21:39.0859 0x0df8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:21:39.0859 0x0df8  1394ohci - ok
22:21:39.0937 0x0df8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:21:39.0953 0x0df8  ACPI - ok
22:21:40.0000 0x0df8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:21:40.0000 0x0df8  AcpiPmi - ok
22:21:40.0062 0x0df8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:21:40.0078 0x0df8  adp94xx - ok
22:21:40.0140 0x0df8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:21:40.0140 0x0df8  adpahci - ok
22:21:40.0171 0x0df8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:21:40.0171 0x0df8  adpu320 - ok
22:21:40.0202 0x0df8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:21:40.0202 0x0df8  AeLookupSvc - ok
22:21:40.0280 0x0df8  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
22:21:40.0296 0x0df8  AFD - ok
22:21:40.0358 0x0df8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:21:40.0358 0x0df8  agp440 - ok
22:21:40.0390 0x0df8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:21:40.0390 0x0df8  ALG - ok
22:21:40.0452 0x0df8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:21:40.0452 0x0df8  aliide - ok
22:21:40.0468 0x0df8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:21:40.0468 0x0df8  amdide - ok
22:21:40.0530 0x0df8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:21:40.0530 0x0df8  AmdK8 - ok
22:21:40.0561 0x0df8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:21:40.0561 0x0df8  AmdPPM - ok
22:21:40.0608 0x0df8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:21:40.0624 0x0df8  amdsata - ok
22:21:40.0686 0x0df8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:21:40.0686 0x0df8  amdsbs - ok
22:21:40.0717 0x0df8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:21:40.0717 0x0df8  amdxata - ok
22:21:40.0780 0x0df8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
22:21:40.0780 0x0df8  AppID - ok
22:21:40.0811 0x0df8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:21:40.0811 0x0df8  AppIDSvc - ok
22:21:40.0858 0x0df8  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
22:21:40.0858 0x0df8  Appinfo - ok
22:21:40.0951 0x0df8  [ D8E18021F91AD79CA8491CB5A5DA22D4, F44B5855BE8EF2D5FFED41E6E586071B0A90A8271FF79DF25F11C99C0B5481FF ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:40.0967 0x0df8  Apple Mobile Device - ok
22:21:41.0014 0x0df8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:21:41.0014 0x0df8  arc - ok
22:21:41.0045 0x0df8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:21:41.0045 0x0df8  arcsas - ok
22:21:41.0076 0x0df8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:41.0076 0x0df8  AsyncMac - ok
22:21:41.0123 0x0df8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:21:41.0123 0x0df8  atapi - ok
22:21:41.0185 0x0df8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:21:41.0216 0x0df8  AudioEndpointBuilder - ok
22:21:41.0232 0x0df8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:21:41.0248 0x0df8  AudioSrv - ok
22:21:41.0326 0x0df8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:21:41.0326 0x0df8  AxInstSV - ok
22:21:41.0404 0x0df8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:21:41.0404 0x0df8  b06bdrv - ok
22:21:41.0435 0x0df8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:21:41.0435 0x0df8  b57nd60a - ok
22:21:41.0497 0x0df8  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
22:21:41.0513 0x0df8  BBSvc - ok
22:21:41.0591 0x0df8  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:21:41.0622 0x0df8  BCM43XX - ok
22:21:41.0669 0x0df8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:21:41.0669 0x0df8  BDESVC - ok
22:21:41.0700 0x0df8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:21:41.0700 0x0df8  Beep - ok
22:21:41.0778 0x0df8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:21:41.0794 0x0df8  BFE - ok
22:21:41.0840 0x0df8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
22:21:41.0872 0x0df8  BITS - ok
22:21:41.0934 0x0df8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:21:41.0934 0x0df8  blbdrive - ok
22:21:42.0012 0x0df8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:42.0028 0x0df8  Bonjour Service - ok
22:21:42.0074 0x0df8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:21:42.0074 0x0df8  bowser - ok
22:21:42.0121 0x0df8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:21:42.0121 0x0df8  BrFiltLo - ok
22:21:42.0137 0x0df8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:21:42.0137 0x0df8  BrFiltUp - ok
22:21:42.0215 0x0df8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:21:42.0230 0x0df8  BridgeMP - ok
22:21:42.0246 0x0df8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:21:42.0262 0x0df8  Browser - ok
22:21:42.0277 0x0df8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:21:42.0293 0x0df8  Brserid - ok
22:21:42.0308 0x0df8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:42.0308 0x0df8  BrSerWdm - ok
22:21:42.0340 0x0df8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:42.0340 0x0df8  BrUsbMdm - ok
22:21:42.0340 0x0df8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:42.0355 0x0df8  BrUsbSer - ok
22:21:42.0371 0x0df8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:21:42.0371 0x0df8  BTHMODEM - ok
22:21:42.0418 0x0df8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:21:42.0418 0x0df8  bthserv - ok
22:21:42.0449 0x0df8  catchme - ok
22:21:42.0464 0x0df8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:21:42.0464 0x0df8  cdfs - ok
22:21:42.0511 0x0df8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:21:42.0511 0x0df8  cdrom - ok
22:21:42.0558 0x0df8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:21:42.0574 0x0df8  CertPropSvc - ok
22:21:42.0620 0x0df8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:21:42.0620 0x0df8  circlass - ok
22:21:42.0652 0x0df8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
22:21:42.0667 0x0df8  CLFS - ok
22:21:42.0745 0x0df8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:42.0745 0x0df8  clr_optimization_v2.0.50727_32 - ok
22:21:42.0792 0x0df8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:42.0792 0x0df8  clr_optimization_v2.0.50727_64 - ok
22:21:42.0870 0x0df8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:42.0870 0x0df8  clr_optimization_v4.0.30319_32 - ok
22:21:42.0917 0x0df8  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:42.0917 0x0df8  clr_optimization_v4.0.30319_64 - ok
22:21:42.0964 0x0df8  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
22:21:42.0964 0x0df8  clwvd - ok
22:21:43.0010 0x0df8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:21:43.0010 0x0df8  CmBatt - ok
22:21:43.0042 0x0df8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:21:43.0042 0x0df8  cmdide - ok
22:21:43.0088 0x0df8  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
22:21:43.0088 0x0df8  CNG - ok
22:21:43.0151 0x0df8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:21:43.0151 0x0df8  Compbatt - ok
22:21:43.0198 0x0df8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:21:43.0198 0x0df8  CompositeBus - ok
22:21:43.0213 0x0df8  COMSysApp - ok
22:21:43.0244 0x0df8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:21:43.0244 0x0df8  crcdisk - ok
22:21:43.0307 0x0df8  [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:21:43.0307 0x0df8  CryptSvc - ok
22:21:43.0416 0x0df8  [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:21:43.0432 0x0df8  cvhsvc - ok
22:21:43.0478 0x0df8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:21:43.0494 0x0df8  DcomLaunch - ok
22:21:43.0525 0x0df8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:21:43.0525 0x0df8  defragsvc - ok
22:21:43.0588 0x0df8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:21:43.0588 0x0df8  DfsC - ok
22:21:43.0634 0x0df8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:21:43.0650 0x0df8  Dhcp - ok
22:21:43.0666 0x0df8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:21:43.0666 0x0df8  discache - ok
22:21:43.0712 0x0df8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
22:21:43.0712 0x0df8  Disk - ok
22:21:43.0744 0x0df8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:21:43.0759 0x0df8  Dnscache - ok
22:21:43.0775 0x0df8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:21:43.0790 0x0df8  dot3svc - ok
22:21:43.0806 0x0df8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:21:43.0806 0x0df8  DPS - ok
22:21:43.0868 0x0df8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:21:43.0868 0x0df8  drmkaud - ok
22:21:43.0915 0x0df8  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:21:43.0946 0x0df8  DXGKrnl - ok
22:21:44.0009 0x0df8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:21:44.0009 0x0df8  EapHost - ok
22:21:44.0134 0x0df8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:21:44.0305 0x0df8  ebdrv - ok
22:21:44.0336 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
22:21:44.0336 0x0df8  EFS - ok
22:21:44.0414 0x0df8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:21:44.0446 0x0df8  ehRecvr - ok
22:21:44.0461 0x0df8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:21:44.0461 0x0df8  ehSched - ok
22:21:44.0524 0x0df8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:21:44.0539 0x0df8  elxstor - ok
22:21:44.0570 0x0df8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:21:44.0570 0x0df8  ErrDev - ok
22:21:44.0633 0x0df8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:21:44.0648 0x0df8  EventSystem - ok
22:21:44.0664 0x0df8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:21:44.0664 0x0df8  exfat - ok
22:21:44.0711 0x0df8  ezSharedSvc - ok
22:21:44.0742 0x0df8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:21:44.0742 0x0df8  fastfat - ok
22:21:44.0820 0x0df8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:21:44.0836 0x0df8  Fax - ok
22:21:44.0851 0x0df8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:21:44.0851 0x0df8  fdc - ok
22:21:44.0898 0x0df8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:21:44.0898 0x0df8  fdPHost - ok
22:21:44.0914 0x0df8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:21:44.0914 0x0df8  FDResPub - ok
22:21:44.0945 0x0df8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:21:44.0945 0x0df8  FileInfo - ok
22:21:44.0960 0x0df8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:21:44.0960 0x0df8  Filetrace - ok
22:21:44.0976 0x0df8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:21:44.0976 0x0df8  flpydisk - ok
22:21:45.0023 0x0df8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:21:45.0023 0x0df8  FltMgr - ok
22:21:45.0085 0x0df8  [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache       C:\Windows\system32\FntCache.dll
22:21:45.0116 0x0df8  FontCache - ok
22:21:45.0163 0x0df8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:21:45.0179 0x0df8  FontCache3.0.0.0 - ok
22:21:45.0194 0x0df8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:21:45.0194 0x0df8  FsDepends - ok
22:21:45.0210 0x0df8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:21:45.0226 0x0df8  Fs_Rec - ok
22:21:45.0257 0x0df8  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:21:45.0257 0x0df8  fvevol - ok
22:21:45.0319 0x0df8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:21:45.0319 0x0df8  gagp30kx - ok
22:21:45.0397 0x0df8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:21:45.0413 0x0df8  GamesAppService - ok
22:21:45.0428 0x0df8  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:45.0428 0x0df8  GEARAspiWDM - ok
22:21:45.0475 0x0df8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:21:45.0506 0x0df8  gpsvc - ok
22:21:45.0600 0x0df8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:45.0600 0x0df8  gupdate - ok
22:21:45.0616 0x0df8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:45.0631 0x0df8  gupdatem - ok
22:21:45.0662 0x0df8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:21:45.0678 0x0df8  gusvc - ok
22:21:45.0694 0x0df8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:21:45.0694 0x0df8  hcw85cir - ok
22:21:45.0740 0x0df8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:21:45.0740 0x0df8  HdAudAddService - ok
22:21:45.0787 0x0df8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:21:45.0787 0x0df8  HDAudBus - ok
22:21:45.0818 0x0df8  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:21:45.0818 0x0df8  HECIx64 - ok
22:21:45.0850 0x0df8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:21:45.0850 0x0df8  HidBatt - ok
22:21:45.0865 0x0df8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:21:45.0865 0x0df8  HidBth - ok
22:21:45.0881 0x0df8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:21:45.0881 0x0df8  HidIr - ok
22:21:45.0928 0x0df8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
22:21:45.0928 0x0df8  hidserv - ok
22:21:45.0959 0x0df8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:21:45.0959 0x0df8  HidUsb - ok
22:21:45.0990 0x0df8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:21:45.0990 0x0df8  hkmsvc - ok
22:21:46.0021 0x0df8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:21:46.0037 0x0df8  HomeGroupListener - ok
22:21:46.0068 0x0df8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:21:46.0068 0x0df8  HomeGroupProvider - ok
22:21:46.0162 0x0df8  [ 45A12CACB97B4F15858FCFD59355A1E9, E4D671F1E413D1C45CC797C93FC042FEC9B0AE9F7039C82E516A410AD49100AA ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
22:21:46.0162 0x0df8  HP Health Check Service - ok
22:21:46.0240 0x0df8  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
22:21:46.0255 0x0df8  HPClientSvc - ok
22:21:46.0333 0x0df8  [ E040F0064D39F73BB4995D494F3DCBB8, F13369719673DC7E533931EDD07464E03146D9C226E8399A062CF9A70F5942A7 ] hpCMSrv         C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
22:21:46.0364 0x0df8  hpCMSrv - ok
22:21:46.0442 0x0df8  [ 18062DF0DCEB4ED88E03A8B161935722, 17F06672D454418D9C668094822E86D9FE1E84DAF56A449708B6A2AFD27FF4FE ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:21:46.0442 0x0df8  HPDrvMntSvc.exe - ok
22:21:46.0520 0x0df8  [ 7B1637E5E0476CE22E8D76AC1203205E, 0F087EADE0F49760450977104397D51567463A07ECE3475536885C673D289B04 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:21:46.0536 0x0df8  hpqwmiex - ok
22:21:46.0567 0x0df8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:21:46.0567 0x0df8  HpSAMD - ok
22:21:46.0676 0x0df8  [ F630DD7564EBB7248A13B1CC774D9EA6, 53BDFDB7177606DCBB5098A417542F181487227FB73C5C93BE1275752D2C002A ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
22:21:46.0676 0x0df8  HPWMISVC - ok
22:21:46.0708 0x0df8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:21:46.0723 0x0df8  HTTP - ok
22:21:46.0739 0x0df8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:21:46.0754 0x0df8  hwpolicy - ok
22:21:46.0801 0x0df8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:21:46.0801 0x0df8  i8042prt - ok
22:21:46.0848 0x0df8  [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:21:46.0848 0x0df8  iaStor - ok
22:21:46.0926 0x0df8  [ 983FC69644DDF0486C8DFEA262948D1A, 329EC95117C31E61F6D22D79CFF339D70A70522710E7DC0CED06EC95E6D4B34F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:21:46.0926 0x0df8  IAStorDataMgrSvc - ok
22:21:46.0988 0x0df8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:21:46.0988 0x0df8  iaStorV - ok
22:21:47.0129 0x0df8  [ 3A0FF117B4ADC5ABE4D968E26A337158, 95F4EB09158DD9B4927F71F83BE3A10DDD99C131C28D9683A7CCBB8C30769AB8 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
22:21:47.0191 0x0df8  IconMan_R - ok
22:21:47.0254 0x0df8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:47.0269 0x0df8  idsvc - ok
22:21:47.0737 0x0df8  [ 78527E6A4D78B1153925914C55872BEB, 3E8AE58CC3A3D0B74471CBE92C7B36182E3638FCB131FBB1F9B560914E4037A9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:21:48.0158 0x0df8  igfx - ok
22:21:48.0221 0x0df8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:21:48.0221 0x0df8  iirsp - ok
22:21:48.0283 0x0df8  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:21:48.0299 0x0df8  IKEEXT - ok
22:21:48.0330 0x0df8  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:21:48.0330 0x0df8  Impcd - ok
22:21:48.0377 0x0df8  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:21:48.0392 0x0df8  IntcDAud - ok
22:21:48.0392 0x0df8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:21:48.0392 0x0df8  intelide - ok
22:21:48.0439 0x0df8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:21:48.0439 0x0df8  intelppm - ok
22:21:48.0470 0x0df8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:21:48.0470 0x0df8  IPBusEnum - ok
22:21:48.0502 0x0df8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:48.0502 0x0df8  IpFilterDriver - ok
22:21:48.0548 0x0df8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:21:48.0564 0x0df8  iphlpsvc - ok
22:21:48.0595 0x0df8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:21:48.0611 0x0df8  IPMIDRV - ok
22:21:48.0626 0x0df8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:21:48.0626 0x0df8  IPNAT - ok
22:21:48.0704 0x0df8  [ 3C0D4B3E80FC4854CA325DD123CC4DED, 737583FED3AC701D7CF9E3FC8136857B0FEBB5D41C1FBD64749912983F8804FB ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:21:48.0736 0x0df8  iPod Service - ok
22:21:48.0782 0x0df8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:21:48.0782 0x0df8  IRENUM - ok
22:21:48.0829 0x0df8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:21:48.0829 0x0df8  isapnp - ok
22:21:48.0860 0x0df8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:21:48.0876 0x0df8  iScsiPrt - ok
22:21:48.0892 0x0df8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:48.0892 0x0df8  kbdclass - ok
22:21:48.0938 0x0df8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:48.0938 0x0df8  kbdhid - ok
22:21:48.0954 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
22:21:48.0954 0x0df8  KeyIso - ok
22:21:48.0985 0x0df8  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:21:48.0985 0x0df8  KSecDD - ok
22:21:49.0032 0x0df8  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:21:49.0032 0x0df8  KSecPkg - ok
22:21:49.0063 0x0df8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:21:49.0063 0x0df8  ksthunk - ok
22:21:49.0094 0x0df8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:21:49.0110 0x0df8  KtmRm - ok
22:21:49.0157 0x0df8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:21:49.0172 0x0df8  LanmanServer - ok
22:21:49.0219 0x0df8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:21:49.0219 0x0df8  LanmanWorkstation - ok
22:21:49.0266 0x0df8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:21:49.0266 0x0df8  lltdio - ok
22:21:49.0297 0x0df8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:21:49.0297 0x0df8  lltdsvc - ok
22:21:49.0328 0x0df8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:21:49.0328 0x0df8  lmhosts - ok
22:21:49.0406 0x0df8  [ 9D8B95C0EAE145C46BC4A727B23DA395, AC95291AEF6B6CA79BFF4CB48184FF251FF814EDACCE1467F5C860EE2C92D30A ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:21:49.0406 0x0df8  LMS - ok
22:21:49.0469 0x0df8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:21:49.0469 0x0df8  LSI_FC - ok
22:21:49.0484 0x0df8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:21:49.0484 0x0df8  LSI_SAS - ok
22:21:49.0516 0x0df8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:21:49.0531 0x0df8  LSI_SAS2 - ok
22:21:49.0531 0x0df8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:21:49.0547 0x0df8  LSI_SCSI - ok
22:21:49.0578 0x0df8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:21:49.0578 0x0df8  luafv - ok
22:21:49.0625 0x0df8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:21:49.0640 0x0df8  Mcx2Svc - ok
22:21:49.0656 0x0df8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:21:49.0656 0x0df8  megasas - ok
22:21:49.0687 0x0df8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:21:49.0687 0x0df8  MegaSR - ok
22:21:49.0734 0x0df8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:21:49.0734 0x0df8  MMCSS - ok
22:21:49.0750 0x0df8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:21:49.0750 0x0df8  Modem - ok
22:21:49.0765 0x0df8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:21:49.0765 0x0df8  monitor - ok
22:21:49.0796 0x0df8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:21:49.0812 0x0df8  mouclass - ok
22:21:49.0890 0x0df8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:21:49.0906 0x0df8  mouhid - ok
22:21:49.0921 0x0df8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:21:49.0921 0x0df8  mountmgr - ok
22:21:49.0937 0x0df8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:21:49.0937 0x0df8  mpio - ok
22:21:49.0952 0x0df8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:21:49.0968 0x0df8  mpsdrv - ok
22:21:50.0015 0x0df8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:21:50.0030 0x0df8  MpsSvc - ok
22:21:50.0062 0x0df8  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:21:50.0062 0x0df8  MRxDAV - ok
22:21:50.0093 0x0df8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:50.0093 0x0df8  mrxsmb - ok
22:21:50.0124 0x0df8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:50.0124 0x0df8  mrxsmb10 - ok
22:21:50.0155 0x0df8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:50.0155 0x0df8  mrxsmb20 - ok
22:21:50.0171 0x0df8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:21:50.0171 0x0df8  msahci - ok
22:21:50.0202 0x0df8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:21:50.0202 0x0df8  msdsm - ok
22:21:50.0233 0x0df8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:21:50.0233 0x0df8  MSDTC - ok
22:21:50.0296 0x0df8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:21:50.0296 0x0df8  Msfs - ok
22:21:50.0327 0x0df8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:21:50.0327 0x0df8  mshidkmdf - ok
22:21:50.0342 0x0df8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:21:50.0342 0x0df8  msisadrv - ok
22:21:50.0405 0x0df8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:21:50.0405 0x0df8  MSiSCSI - ok
22:21:50.0405 0x0df8  msiserver - ok
22:21:50.0452 0x0df8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:21:50.0452 0x0df8  MSKSSRV - ok
22:21:50.0467 0x0df8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:50.0467 0x0df8  MSPCLOCK - ok
22:21:50.0483 0x0df8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:21:50.0483 0x0df8  MSPQM - ok
22:21:50.0514 0x0df8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:21:50.0514 0x0df8  MsRPC - ok
22:21:50.0545 0x0df8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:21:50.0545 0x0df8  mssmbios - ok
22:21:50.0576 0x0df8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:21:50.0576 0x0df8  MSTEE - ok
22:21:50.0608 0x0df8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:21:50.0608 0x0df8  MTConfig - ok
22:21:50.0608 0x0df8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:21:50.0608 0x0df8  Mup - ok
22:21:50.0639 0x0df8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:21:50.0654 0x0df8  napagent - ok
22:21:50.0717 0x0df8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:21:50.0732 0x0df8  NativeWifiP - ok
22:21:50.0810 0x0df8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:21:50.0826 0x0df8  NDIS - ok
22:21:50.0888 0x0df8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:50.0888 0x0df8  NdisCap - ok
22:21:50.0920 0x0df8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:50.0920 0x0df8  NdisTapi - ok
22:21:50.0966 0x0df8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:50.0966 0x0df8  Ndisuio - ok
22:21:50.0966 0x0df8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:50.0982 0x0df8  NdisWan - ok
22:21:50.0982 0x0df8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:21:50.0982 0x0df8  NDProxy - ok
22:21:50.0982 0x0df8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:21:50.0998 0x0df8  NetBIOS - ok
22:21:51.0013 0x0df8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:21:51.0013 0x0df8  NetBT - ok
22:21:51.0029 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
22:21:51.0029 0x0df8  Netlogon - ok
22:21:51.0091 0x0df8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:21:51.0107 0x0df8  Netman - ok
22:21:51.0122 0x0df8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:21:51.0138 0x0df8  netprofm - ok
22:21:51.0232 0x0df8  [ 24CF1304D899124336F67F88F3C15E21, B48FF3D4793A39BBC570F6E4840FD3CF5341C988DA9256EA292CA1E6B280163E ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
22:21:51.0263 0x0df8  netr28x - ok
22:21:51.0294 0x0df8  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:21:51.0310 0x0df8  NetTcpPortSharing - ok
22:21:51.0356 0x0df8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:21:51.0356 0x0df8  nfrd960 - ok
22:21:51.0388 0x0df8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:21:51.0403 0x0df8  NlaSvc - ok
22:21:51.0434 0x0df8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:21:51.0434 0x0df8  Npfs - ok
22:21:51.0450 0x0df8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:21:51.0450 0x0df8  nsi - ok
22:21:51.0466 0x0df8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:21:51.0466 0x0df8  nsiproxy - ok
22:21:51.0559 0x0df8  [ E453ACF4E7D44E5530B5D5F2B9CA8563, 85EEBCBB3187A21282619A0264C10E9E52EFE4387F3425D3D279EF460DA3AD06 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:21:51.0590 0x0df8  Ntfs - ok
22:21:51.0622 0x0df8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:21:51.0622 0x0df8  Null - ok
22:21:51.0637 0x0df8  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
22:21:51.0653 0x0df8  NVENETFD - ok
22:21:51.0684 0x0df8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:21:51.0700 0x0df8  nvraid - ok
22:21:51.0715 0x0df8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:21:51.0715 0x0df8  nvstor - ok
22:21:51.0731 0x0df8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:21:51.0746 0x0df8  nv_agp - ok
22:21:51.0762 0x0df8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:21:51.0762 0x0df8  ohci1394 - ok
22:21:51.0824 0x0df8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:51.0824 0x0df8  ose - ok
22:21:52.0043 0x0df8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:21:52.0230 0x0df8  osppsvc - ok
22:21:52.0277 0x0df8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:21:52.0292 0x0df8  p2pimsvc - ok
22:21:52.0308 0x0df8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:21:52.0324 0x0df8  p2psvc - ok
22:21:52.0355 0x0df8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
22:21:52.0355 0x0df8  Parport - ok
22:21:52.0386 0x0df8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:21:52.0386 0x0df8  partmgr - ok
22:21:52.0402 0x0df8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:21:52.0417 0x0df8  PcaSvc - ok
22:21:52.0433 0x0df8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:21:52.0448 0x0df8  pci - ok
22:21:52.0464 0x0df8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:21:52.0464 0x0df8  pciide - ok
22:21:52.0511 0x0df8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:21:52.0511 0x0df8  pcmcia - ok
22:21:52.0542 0x0df8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:21:52.0542 0x0df8  pcw - ok
22:21:52.0573 0x0df8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:21:52.0589 0x0df8  PEAUTH - ok
22:21:52.0651 0x0df8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:21:52.0651 0x0df8  PerfHost - ok
22:21:52.0729 0x0df8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:21:52.0776 0x0df8  pla - ok
22:21:52.0838 0x0df8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:21:52.0838 0x0df8  PlugPlay - ok
22:21:52.0854 0x0df8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:21:52.0854 0x0df8  PNRPAutoReg - ok
22:21:52.0885 0x0df8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:21:52.0885 0x0df8  PNRPsvc - ok
22:21:52.0916 0x0df8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:21:52.0932 0x0df8  PolicyAgent - ok
22:21:52.0963 0x0df8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:21:52.0979 0x0df8  Power - ok
22:21:53.0026 0x0df8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:21:53.0026 0x0df8  PptpMiniport - ok
22:21:53.0041 0x0df8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:21:53.0057 0x0df8  Processor - ok
22:21:53.0104 0x0df8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:21:53.0119 0x0df8  ProfSvc - ok
22:21:53.0119 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
22:21:53.0119 0x0df8  ProtectedStorage - ok
22:21:53.0150 0x0df8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:21:53.0166 0x0df8  Psched - ok
22:21:53.0228 0x0df8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:21:53.0275 0x0df8  ql2300 - ok
22:21:53.0291 0x0df8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:21:53.0291 0x0df8  ql40xx - ok
22:21:53.0322 0x0df8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:21:53.0338 0x0df8  QWAVE - ok
22:21:53.0353 0x0df8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:21:53.0353 0x0df8  QWAVEdrv - ok
22:21:53.0369 0x0df8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:21:53.0369 0x0df8  RasAcd - ok
22:21:53.0416 0x0df8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:53.0416 0x0df8  RasAgileVpn - ok
22:21:53.0431 0x0df8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:21:53.0431 0x0df8  RasAuto - ok
22:21:53.0462 0x0df8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:53.0462 0x0df8  Rasl2tp - ok
22:21:53.0478 0x0df8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:21:53.0494 0x0df8  RasMan - ok
22:21:53.0509 0x0df8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:53.0509 0x0df8  RasPppoe - ok
22:21:53.0525 0x0df8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:21:53.0525 0x0df8  RasSstp - ok
22:21:53.0556 0x0df8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:21:53.0572 0x0df8  rdbss - ok
22:21:53.0572 0x0df8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:21:53.0572 0x0df8  rdpbus - ok
22:21:53.0587 0x0df8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:53.0587 0x0df8  RDPCDD - ok
22:21:53.0634 0x0df8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:21:53.0634 0x0df8  RDPENCDD - ok
22:21:53.0665 0x0df8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:21:53.0665 0x0df8  RDPREFMP - ok
22:21:53.0696 0x0df8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:21:53.0696 0x0df8  RDPWD - ok
22:21:53.0728 0x0df8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:21:53.0743 0x0df8  rdyboost - ok
22:21:53.0774 0x0df8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:21:53.0774 0x0df8  RemoteAccess - ok
22:21:53.0790 0x0df8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:21:53.0806 0x0df8  RemoteRegistry - ok
22:21:53.0884 0x0df8  [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
22:21:53.0899 0x0df8  RoxioNow Service - ok
22:21:53.0946 0x0df8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:21:53.0946 0x0df8  RpcEptMapper - ok
22:21:53.0962 0x0df8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:21:53.0962 0x0df8  RpcLocator - ok
22:21:54.0008 0x0df8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:21:54.0008 0x0df8  RpcSs - ok
22:21:54.0071 0x0df8  [ 546D7F426776090B90EF5F195B6AE662, E67598E1CA5F98184DD7380E7AFD65C18C99EDC3326909EBFF2A61F95C3A027D ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
22:21:54.0086 0x0df8  RSPCIESTOR - ok
22:21:54.0149 0x0df8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:21:54.0149 0x0df8  rspndr - ok
22:21:54.0196 0x0df8  [ 3372196F61AF48503656EF6AA3E92D1B, 47816E28E9DE9F9698A47D7C7782D2F9E62D51A7BC92F91F2B23F818C61F2020 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:21:54.0211 0x0df8  RTL8167 - ok
22:21:54.0227 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
22:21:54.0227 0x0df8  SamSs - ok
22:21:54.0258 0x0df8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:21:54.0258 0x0df8  sbp2port - ok
22:21:54.0289 0x0df8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:21:54.0289 0x0df8  SCardSvr - ok
22:21:54.0305 0x0df8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:21:54.0305 0x0df8  scfilter - ok
22:21:54.0367 0x0df8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:21:54.0398 0x0df8  Schedule - ok
22:21:54.0430 0x0df8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:21:54.0430 0x0df8  SCPolicySvc - ok
22:21:54.0476 0x0df8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
22:21:54.0492 0x0df8  sdbus - ok
22:21:54.0508 0x0df8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:21:54.0523 0x0df8  SDRSVC - ok
22:21:54.0570 0x0df8  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:21:54.0570 0x0df8  SeaPort - ok
22:21:54.0617 0x0df8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:21:54.0617 0x0df8  secdrv - ok
22:21:54.0632 0x0df8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:21:54.0632 0x0df8  seclogon - ok
22:21:54.0648 0x0df8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
22:21:54.0664 0x0df8  SENS - ok
22:21:54.0710 0x0df8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:21:54.0710 0x0df8  SensrSvc - ok
22:21:54.0726 0x0df8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:21:54.0726 0x0df8  Serenum - ok
22:21:54.0773 0x0df8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
22:21:54.0773 0x0df8  Serial - ok
22:21:54.0804 0x0df8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:21:54.0804 0x0df8  sermouse - ok
22:21:54.0835 0x0df8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:21:54.0835 0x0df8  SessionEnv - ok
22:21:54.0866 0x0df8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:21:54.0866 0x0df8  sffdisk - ok
22:21:54.0882 0x0df8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:21:54.0882 0x0df8  sffp_mmc - ok
22:21:54.0898 0x0df8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:21:54.0913 0x0df8  sffp_sd - ok
22:21:54.0929 0x0df8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:21:54.0929 0x0df8  sfloppy - ok
22:21:55.0007 0x0df8  [ C6CC9297BD53E5229653303E556AA539, 921E21EDED244FEE15B56564B97C97785F45AB862C1012BFA0B96B121DC90076 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:21:55.0022 0x0df8  Sftfs - ok
22:21:55.0100 0x0df8  [ 13693B6354DD6E72DC5131DA7D764B90, 447EFDA7CFB1F62EA316219D996406C8DC374097DB903F362D6E945227D8BB2D ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:21:55.0116 0x0df8  sftlist - ok
22:21:55.0147 0x0df8  [ 390AA7BC52CEE43F6790CDEA1E776703, 0D008289E4B14EF56D5233B7C8C789A36503FBAA8896660776557D6F08808FA7 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:21:55.0147 0x0df8  Sftplay - ok
22:21:55.0163 0x0df8  [ 617E29A0B0A2807466560D4C4E338D3E, 5E95D38DB9A6776EB4A15A952FA7949831D6F660EED8C3E79BD09D102BAC5D67 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:21:55.0163 0x0df8  Sftredir - ok
22:21:55.0178 0x0df8  [ 8F571F016FA1976F445147E9E6C8AE9B, 527AB960F2E08F598D1B953BDA4EA749831DD3C765DA278044B8AB22365F02B5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:21:55.0178 0x0df8  Sftvol - ok
22:21:55.0210 0x0df8  [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:21:55.0210 0x0df8  sftvsa - ok
22:21:55.0241 0x0df8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:21:55.0256 0x0df8  SharedAccess - ok
22:21:55.0288 0x0df8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:21:55.0288 0x0df8  ShellHWDetection - ok
22:21:55.0334 0x0df8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:21:55.0334 0x0df8  SiSRaid2 - ok
22:21:55.0350 0x0df8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:21:55.0350 0x0df8  SiSRaid4 - ok
22:21:55.0397 0x0df8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:21:55.0397 0x0df8  Smb - ok
22:21:55.0444 0x0df8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:21:55.0444 0x0df8  SNMPTRAP - ok
22:21:55.0459 0x0df8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:21:55.0459 0x0df8  spldr - ok
22:21:55.0490 0x0df8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
22:21:55.0506 0x0df8  Spooler - ok
22:21:55.0662 0x0df8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:21:55.0818 0x0df8  sppsvc - ok
22:21:55.0849 0x0df8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:21:55.0849 0x0df8  sppuinotify - ok
22:21:55.0896 0x0df8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:21:55.0912 0x0df8  srv - ok
22:21:55.0958 0x0df8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:21:55.0958 0x0df8  srv2 - ok
22:21:56.0021 0x0df8  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:21:56.0021 0x0df8  SrvHsfHDA - ok
22:21:56.0083 0x0df8  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:21:56.0130 0x0df8  SrvHsfV92 - ok
22:21:56.0161 0x0df8  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:21:56.0177 0x0df8  SrvHsfWinac - ok
22:21:56.0208 0x0df8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:21:56.0208 0x0df8  srvnet - ok
22:21:56.0255 0x0df8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:21:56.0270 0x0df8  SSDPSRV - ok
22:21:56.0286 0x0df8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:21:56.0286 0x0df8  SstpSvc - ok
22:21:56.0380 0x0df8  [ 54DE4331FBCFABCDFDA5C845F856D848, C355C08ABCDCCF11592AB2D6E5F6DEA528AE3CA50756AD1F45B7A0DD2A5CF051 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
22:21:56.0395 0x0df8  STacSV - ok
22:21:56.0411 0x0df8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:21:56.0411 0x0df8  stexstor - ok
22:21:56.0458 0x0df8  [ 400EBAC444D0622CB0F7FBA23B234B82, CC186C0A142C6BC6079B6F10FB82A6D7E873100A000D46FF0068F9FBEE60220D ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
22:21:56.0473 0x0df8  STHDA - ok
22:21:56.0520 0x0df8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:21:56.0536 0x0df8  stisvc - ok
22:21:56.0567 0x0df8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:21:56.0567 0x0df8  swenum - ok
22:21:56.0598 0x0df8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:21:56.0614 0x0df8  swprv - ok
22:21:56.0707 0x0df8  [ 08425CD92972C6430F350A9697F4A553, F6DAA0EB637232BEA34B73AB1E59F55A6602F209A10529D486B8134AA002762D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:21:56.0738 0x0df8  SynTP - ok
22:21:56.0832 0x0df8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
22:21:56.0879 0x0df8  SysMain - ok
22:21:56.0910 0x0df8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:21:56.0910 0x0df8  TabletInputService - ok
22:21:56.0941 0x0df8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:21:56.0941 0x0df8  TapiSrv - ok
22:21:56.0972 0x0df8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:21:56.0972 0x0df8  TBS - ok
22:21:57.0082 0x0df8  [ 37608401DFDB388CAF66917F6B2D6FB0, 3E8A594CB84D94C4AFEB5B5657D2DEEECBAF64BB6AD16510BCDDFDE07F099056 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:21:57.0128 0x0df8  Tcpip - ok
22:21:57.0206 0x0df8  [ 37608401DFDB388CAF66917F6B2D6FB0, 3E8A594CB84D94C4AFEB5B5657D2DEEECBAF64BB6AD16510BCDDFDE07F099056 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:21:57.0253 0x0df8  TCPIP6 - ok
22:21:57.0284 0x0df8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:21:57.0284 0x0df8  tcpipreg - ok
22:21:57.0316 0x0df8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:21:57.0316 0x0df8  TDPIPE - ok
22:21:57.0347 0x0df8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:21:57.0347 0x0df8  TDTCP - ok
22:21:57.0394 0x0df8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:21:57.0394 0x0df8  tdx - ok
22:21:57.0425 0x0df8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:21:57.0425 0x0df8  TermDD - ok
22:21:57.0472 0x0df8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
22:21:57.0487 0x0df8  TermService - ok
22:21:57.0503 0x0df8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:21:57.0503 0x0df8  Themes - ok
22:21:57.0518 0x0df8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:21:57.0534 0x0df8  THREADORDER - ok
22:21:57.0550 0x0df8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:21:57.0550 0x0df8  TrkWks - ok
22:21:57.0628 0x0df8  [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
22:21:57.0628 0x0df8  TrueSight - ok
22:21:57.0690 0x0df8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:21:57.0706 0x0df8  TrustedInstaller - ok
22:21:57.0721 0x0df8  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:57.0721 0x0df8  tssecsrv - ok
22:21:57.0737 0x0df8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:21:57.0752 0x0df8  TsUsbFlt - ok
22:21:57.0784 0x0df8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:21:57.0784 0x0df8  TsUsbGD - ok
22:21:57.0799 0x0df8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:21:57.0799 0x0df8  tunnel - ok
22:21:57.0846 0x0df8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:21:57.0846 0x0df8  uagp35 - ok
22:21:57.0862 0x0df8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:21:57.0877 0x0df8  udfs - ok
22:21:57.0908 0x0df8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:21:57.0908 0x0df8  UI0Detect - ok
22:21:57.0924 0x0df8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:21:57.0924 0x0df8  uliagpkx - ok
22:21:57.0971 0x0df8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:21:57.0971 0x0df8  umbus - ok
22:21:58.0002 0x0df8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:21:58.0002 0x0df8  UmPass - ok
22:21:58.0158 0x0df8  [ 0B0B9F55B12767A755932C26B5FED715, B9DEA81177410F1829D140EBF77BCD7396BC5B48373E3533798F98B7195A57EC ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:21:58.0236 0x0df8  UNS - ok
22:21:58.0267 0x0df8  UpdaterService - ok
22:21:58.0314 0x0df8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:21:58.0330 0x0df8  upnphost - ok
22:21:58.0376 0x0df8  [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:21:58.0376 0x0df8  USBAAPL64 - ok
22:21:58.0392 0x0df8  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:58.0408 0x0df8  usbccgp - ok
22:21:58.0423 0x0df8  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:21:58.0439 0x0df8  usbcir - ok
22:21:58.0470 0x0df8  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:21:58.0470 0x0df8  usbehci - ok
22:21:58.0486 0x0df8  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:21:58.0501 0x0df8  usbhub - ok
22:21:58.0517 0x0df8  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:21:58.0517 0x0df8  usbohci - ok
22:21:58.0564 0x0df8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:21:58.0564 0x0df8  usbprint - ok
22:21:58.0595 0x0df8  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:21:58.0595 0x0df8  usbscan - ok
22:21:58.0626 0x0df8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:58.0626 0x0df8  USBSTOR - ok
22:21:58.0642 0x0df8  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:21:58.0642 0x0df8  usbuhci - ok
22:21:58.0673 0x0df8  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:21:58.0688 0x0df8  usbvideo - ok
22:21:58.0704 0x0df8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:21:58.0704 0x0df8  UxSms - ok
22:21:58.0720 0x0df8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
22:21:58.0720 0x0df8  VaultSvc - ok
22:21:58.0751 0x0df8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:21:58.0751 0x0df8  vdrvroot - ok
22:21:58.0782 0x0df8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:21:58.0798 0x0df8  vds - ok
22:21:58.0844 0x0df8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:58.0844 0x0df8  vga - ok
22:21:58.0844 0x0df8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:21:58.0860 0x0df8  VgaSave - ok
22:21:58.0891 0x0df8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:21:58.0907 0x0df8  vhdmp - ok
22:21:58.0922 0x0df8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:21:58.0922 0x0df8  viaide - ok
22:21:58.0938 0x0df8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:21:58.0954 0x0df8  volmgr - ok
22:21:58.0985 0x0df8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:21:58.0985 0x0df8  volmgrx - ok
22:21:59.0016 0x0df8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:21:59.0032 0x0df8  volsnap - ok
22:21:59.0078 0x0df8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:21:59.0078 0x0df8  vsmraid - ok
22:21:59.0141 0x0df8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:21:59.0188 0x0df8  VSS - ok
22:21:59.0219 0x0df8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:21:59.0219 0x0df8  vwifibus - ok
22:21:59.0234 0x0df8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:21:59.0234 0x0df8  vwififlt - ok
22:21:59.0281 0x0df8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:21:59.0281 0x0df8  W32Time - ok
22:21:59.0297 0x0df8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:21:59.0297 0x0df8  WacomPen - ok
22:21:59.0359 0x0df8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:21:59.0359 0x0df8  WANARP - ok
22:21:59.0359 0x0df8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:21:59.0359 0x0df8  Wanarpv6 - ok
22:21:59.0437 0x0df8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:21:59.0468 0x0df8  WatAdminSvc - ok
22:21:59.0546 0x0df8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:21:59.0578 0x0df8  wbengine - ok
22:21:59.0609 0x0df8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:21:59.0609 0x0df8  WbioSrvc - ok
22:21:59.0640 0x0df8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:21:59.0640 0x0df8  wcncsvc - ok
22:21:59.0671 0x0df8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:21:59.0671 0x0df8  WcsPlugInService - ok
22:21:59.0687 0x0df8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:21:59.0687 0x0df8  Wd - ok
22:21:59.0749 0x0df8  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:21:59.0765 0x0df8  Wdf01000 - ok
22:21:59.0780 0x0df8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:21:59.0780 0x0df8  WdiServiceHost - ok
22:21:59.0796 0x0df8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:21:59.0796 0x0df8  WdiSystemHost - ok
22:21:59.0827 0x0df8  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
22:21:59.0827 0x0df8  WebClient - ok
22:21:59.0858 0x0df8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:21:59.0858 0x0df8  Wecsvc - ok
22:21:59.0890 0x0df8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:21:59.0890 0x0df8  wercplsupport - ok
22:21:59.0936 0x0df8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:21:59.0936 0x0df8  WerSvc - ok
22:21:59.0999 0x0df8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:21:59.0999 0x0df8  WfpLwf - ok
22:22:00.0014 0x0df8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:22:00.0014 0x0df8  WIMMount - ok
22:22:00.0046 0x0df8  WinDefend - ok
22:22:00.0046 0x0df8  WinHttpAutoProxySvc - ok
22:22:00.0108 0x0df8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:22:00.0124 0x0df8  Winmgmt - ok
22:22:00.0217 0x0df8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:22:00.0280 0x0df8  WinRM - ok
22:22:00.0326 0x0df8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:00.0326 0x0df8  WinUsb - ok
22:22:00.0373 0x0df8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:22:00.0404 0x0df8  Wlansvc - ok
22:22:00.0498 0x0df8  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:22:00.0498 0x0df8  wlcrasvc - ok
22:22:00.0623 0x0df8  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:00.0685 0x0df8  wlidsvc - ok
22:22:00.0701 0x0df8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:22:00.0701 0x0df8  WmiAcpi - ok
22:22:00.0732 0x0df8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:22:00.0732 0x0df8  wmiApSrv - ok
22:22:00.0763 0x0df8  WMPNetworkSvc - ok
22:22:00.0779 0x0df8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:22:00.0794 0x0df8  WPCSvc - ok
22:22:00.0810 0x0df8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:22:00.0826 0x0df8  WPDBusEnum - ok
22:22:00.0841 0x0df8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:22:00.0841 0x0df8  ws2ifsl - ok
22:22:00.0888 0x0df8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
22:22:00.0888 0x0df8  wscsvc - ok
22:22:00.0888 0x0df8  WSearch - ok
22:22:00.0997 0x0df8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:22:01.0075 0x0df8  wuauserv - ok
22:22:01.0106 0x0df8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:22:01.0106 0x0df8  WudfPf - ok
22:22:01.0153 0x0df8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:01.0169 0x0df8  WUDFRd - ok
22:22:01.0184 0x0df8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:22:01.0184 0x0df8  wudfsvc - ok
22:22:01.0216 0x0df8  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:22:01.0216 0x0df8  WwanSvc - ok
22:22:01.0247 0x0df8  ================ Scan global ===============================
22:22:01.0278 0x0df8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:22:01.0325 0x0df8  [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\Windows\system32\winsrv.dll
22:22:01.0340 0x0df8  [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\Windows\system32\winsrv.dll
22:22:01.0372 0x0df8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:22:01.0403 0x0df8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:22:01.0418 0x0df8  [ Global ] - ok
22:22:01.0418 0x0df8  ================ Scan MBR ==================================
22:22:01.0434 0x0df8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:22:01.0606 0x0df8  \Device\Harddisk0\DR0 - ok
22:22:01.0621 0x0df8  ================ Scan VBR ==================================
22:22:01.0621 0x0df8  [ 515441019537BCDAEC0A6910ABDAE581 ] \Device\Harddisk0\DR0\Partition1
22:22:01.0621 0x0df8  \Device\Harddisk0\DR0\Partition1 - ok
22:22:01.0621 0x0df8  [ 8A92412319096EFA19C2303AC662498C ] \Device\Harddisk0\DR0\Partition2
22:22:01.0621 0x0df8  \Device\Harddisk0\DR0\Partition2 - ok
22:22:01.0621 0x0df8  [ 0826D5D20C7ECA647E4A1D21236A9FC7 ] \Device\Harddisk0\DR0\Partition3
22:22:01.0621 0x0df8  \Device\Harddisk0\DR0\Partition3 - ok
22:22:01.0621 0x0df8  ================ Scan generic autorun ======================
22:22:01.0652 0x0df8  [ 17EE5358F3494992548ACB1F09070F9F, 4F65D212F3209C25203C056DE38143551FED5C144757C0E36E0FBD594DA83043 ] C:\Windows\system32\igfxtray.exe
22:22:01.0652 0x0df8  IgfxTray - ok
22:22:01.0684 0x0df8  [ 935EC70C6BBBF422AEDA6EDCBF9519F5, 5F03D06E7443EBC85FC18E36A026EA2D916C2CE390502551D11F01090506ED1A ] C:\Windows\system32\hkcmd.exe
22:22:01.0699 0x0df8  HotKeysCmds - ok
22:22:01.0730 0x0df8  [ D7C4C5765DDE141E140C884176D89E73, B5AED1F5A95A6E0C91F05EED0E83C50EB49339BFE54262FF25F2CC56C8AC86F4 ] C:\Windows\system32\igfxpers.exe
22:22:01.0730 0x0df8  Persistence - ok
22:22:01.0746 0x0df8  SynTPEnh - ok
22:22:01.0808 0x0df8  [ 15DE7F748C7F632275603ABC0D5139B6, 90B1F8C40519038A4927858FD0A807C7F9D6D7157FBF16B3786581AD8E7AF1B0 ] C:\Program Files\IDT\WDM\sttray64.exe
22:22:01.0840 0x0df8  SysTrayApp - ok
22:22:01.0886 0x0df8  [ 41D1214B86A06FD29423A797EBDA17E4, ABC79107DDD5890C54B844CD5C69747121083DA69A77C02068D2B9C349FB1614 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
22:22:01.0886 0x0df8  IAStorIcon - ok
22:22:01.0964 0x0df8  [ E8A16EF3D77F38CC49A381F4C721716E, CB3DD116433072A19C2E386AD0F553BF4A3516090B0CD44F94135877CCE2387F ] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
22:22:01.0964 0x0df8  HPConnectionManager - ok
22:22:02.0027 0x0df8  [ D59ABED205F424BD4C52419479930BE9, AA8BF8BB2F6FAB97C51D116DE84A93A029C35745594E7CEC40911C21D8A308D2 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
22:22:02.0042 0x0df8  HP Quick Launch - ok
22:22:02.0105 0x0df8  [ E97140424C378ACBD47DF493A6AB7235, 00F26F670AD6B03C465C4FC834DC993B551B8A8E73B603FE7B9CFFA893094A3D ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
22:22:02.0105 0x0df8  Adobe Reader Speed Launcher - ok
22:22:02.0183 0x0df8  [ BAD6BEA0DE1F69C82BDB74378CE0C20A, ADA84B75173E9D03C180B527E31475ACA16CB19532C3EDA11357BD37049927E3 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:22:02.0198 0x0df8  Adobe ARM - ok
22:22:02.0261 0x0df8  [ 30D7BB258A97BDA7C7E2EC63C23554AA, 83DFD5B0D0A2A53052F3E20809813B4D07185B12A734B5B5CD267CF04479EC36 ] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
22:22:02.0261 0x0df8  Easybits Recovery - ok
22:22:02.0292 0x0df8  [ 7DA09CA48751B9E0B67C90C337D4B387, 204A46BCCBB6FEC0F57328CDB35C1E0234C9F981D41ABBBFC3AFE55D3C429011 ] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
22:22:02.0308 0x0df8  HPOSD - ok
22:22:02.0354 0x0df8  [ 2E5212A0BFB98FE0167C92C76C87AFE3, 8C8ACD175A626453878154AF48760D99979C6D2836BC4816575B347C668D4F9E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:22:02.0354 0x0df8  SunJavaUpdateSched - ok
22:22:02.0401 0x0df8  [ F7DD2D785280DB73DC9060F80361BEFB, 7AF1114FFA46290DC77CC5D562034287A0E617BD4747F58E65CDF70244C402CB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
22:22:02.0401 0x0df8  APSDaemon - ok
22:22:02.0479 0x0df8  [ D743372A621ED03A274539A88EEB3450, 77DA06B83CD4F732888DBE2EB13C347CB0F82C822027D104F8D7D429676757C8 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
22:22:02.0479 0x0df8  iTunesHelper - ok
22:22:02.0542 0x0df8  [ D658AB1B55127D18DCFBCAC8CAAEA522, 9FB818F3899542CB7F1B979644423A66842D98D1762B1C38AE04AEE23320DA8E ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
22:22:02.0542 0x0df8  HP Software Update - ok
22:22:02.0698 0x0df8  [ 1F628583C0F01E214AE45C8791B55010, 9544F1241F802D5F75D19D07886E8A93E6280F6E87415E6E0A0C1F420A433763 ] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
22:22:02.0729 0x0df8  Magic Desktop for HP notification - ok
22:22:02.0978 0x0df8  [ C8A299BB91912D446F19EA4BD4D135C7, 9F056A426034AF0FCC9F5CE64E920F4A871EC2C9894FA959556D4D0B69479885 ] C:\Users\Tosha\AppData\Local\Google\Chrome\Application\chrome.exe
22:22:02.0994 0x0df8  GoogleChromeAutoLaunch_43D5A6939F03DD04BB4E947A2213D7A7 - ok
22:22:03.0010 0x0df8  Waiting for KSN requests completion. In queue: 46
22:22:04.0024 0x0df8  Waiting for KSN requests completion. In queue: 46
22:22:05.0038 0x0df8  Waiting for KSN requests completion. In queue: 46
22:22:06.0098 0x0df8  Win FW state via NFP2: enabled ( trusted )
22:22:08.0766 0x0df8  ============================================================
22:22:08.0766 0x0df8  Scan finished
22:22:08.0766 0x0df8  ============================================================
22:22:08.0766 0x03f8  Detected object count: 0
22:22:08.0766 0x03f8  Actual detected object count: 0
22:28:38.0354 0x0774  Deinitialize success

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users