Mobic worm and Gen-risk ware trojan


11 replies to this topic

#1 Ravenlaughing

Ravenlaughing

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:06:22 PM

Posted 23 May 2017 - 09:38 PM

Hello,
I'm working on my mom's computer running Windows 7 Professional. She had an issue where all of her .exe files were opening as Windows Media files. Talked to MS support and he was going to remotely access the computer but we couldn't make it happen. He suggested I was dealing with malware.

While searching for the problem online, I found this forum. Read on some other sites as well and formulated a plan.

I tried opening rkill in safe mode from a disk. Opened as Windows Media Player. Tried opening with Internet Explorer. Had to "save as" and rename as a .COM file.

I ran rkill. Then ran SuperAntiSpyware. Found Mobic worm and Gen-riskware trojan. I also found some Mindspark and other toolbar crapware.

Next I ran Malwarebytes. Found only minor junk. I did have to rename both SAS and MBAM as .COM files to get them to operate. I scanned her external hard drive with another machine. Found some adware/toolbar junk in old backup files.

I made several attempts at doing a system restore with recent restore points, but kept getting a general unspecified error message. It said antivirus programs could be the cause. Disabled them and uninstalled SAS and MBAM. Still no luck. I turned the machine off for a couple of days and am now getting back to it. Apparently her computer hasn't been backed up in a while. Most recent backup available is from May 2016. I really don't want to go back that far. I did move all files (docs, music, pics, etc.) from the C drive to her external hard drive.

Today I booted in safe mode with networking. Ran Fixexe, ran rkill, reinstalled SAS and MBAM. Updated and ran both. SAS found Web Steroids adware and removed. MBAM found nothing.

This one is above my head. Any help will be greatly appreciated. Can it possibly be fixed without a whole new windows install?

Sorry for any typos as I'm writing this on my tablet and my fat fingers don't always work well.

Thanks.



#2 Ravenlaughing


Posted 23 May 2017 - 09:41 PM

I should mention that .exe files are all opening with Internet Explorer.
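
The symptom in the two posts above (.exe files opening in Windows Media Player or Internet Explorer while the same file renamed to .COM still runs) is consistent with a changed .exe file association. As an added example, not part of the original posts or of any tool named in this thread, the following read-only PowerShell check compares the association keys with the Windows defaults; the function names are made up for illustration and nothing is modified.

```powershell
# Added example: read-only audit of the .exe file association.
# Get-DefaultValue and Test-ExeAssociation are illustrative names, not part of any tool.

function Get-DefaultValue {
    param([string]$Path)
    # Returns the key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    $findings = @()

    # Machine-wide class registration and the Windows default for each key.
    $expected = @{
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe' = 'exefile'
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($path in $expected.Keys) {
        $actual = Get-DefaultValue $path
        if ($actual -ne $expected[$path]) {
            $findings += New-Object PSObject -Property @{
                Key      = $path
                Found    = $actual
                Expected = $expected[$path]
            }
        }
    }

    # Per-user keys that override the machine-wide values. They are normally
    # absent, so their presence alone is worth reporting.
    $shouldBeAbsent = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
    )
    foreach ($path in $shouldBeAbsent) {
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            # UserChoice records the chosen handler in its Progid value;
            # the class keys use the (Default) value instead.
            $found = $key.GetValue('Progid')
            if ($null -eq $found) { $found = $key.GetValue('') }
            $findings += New-Object PSObject -Property @{
                Key      = $path
                Found    = $found
                Expected = '(key absent)'
            }
        }
    }
    return $findings
}

# Run the audit for the logged-on user and print any deviations.
$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) {
    'The .exe association matches the Windows defaults.'
} else {
    $result | Format-List Key, Found, Expected
}
```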

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:22 PM

Posted 09 June 2017 - 10:36 AM

Hi, Do these also.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.


#4 Ravenlaughing


Posted 23 June 2017 - 08:36 PM

Thanks for your reply. I have finally found some time to work on this. Here are the logs you have requested.
 
Mini Tool Box:
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Suzanne (administrator) on 23-06-2017 at 16:55:42
Running from "C:\Users\Suzanne\Documents"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Suzanne-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : D0-27-88-01-38-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::447c:4b4d:7dd5:457d%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 23, 2017 4:20:38 PM
   Lease Expires . . . . . . . . . . : Saturday, June 24, 2017 4:20:38 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248522632
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-7B-B3-27-D0-27-88-01-38-33
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.Home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2416:3d49:bbbd:abfa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2416:3d49:bbbd:abfa%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Comtrend.Home
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  74.125.21.101
 74.125.21.139
 74.125.21.113
 74.125.21.138
 74.125.21.100
 74.125.21.102
 
 
Pinging google.com [74.125.21.100] with 32 bytes of data:
Reply from 74.125.21.100: bytes=32 time=116ms TTL=43
Reply from 74.125.21.100: bytes=32 time=115ms TTL=43
 
Ping statistics for 74.125.21.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 115ms, Maximum = 116ms, Average = 115ms
Server:  Comtrend.Home
Address:  192.168.0.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.180.149
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=100ms TTL=51
Reply from 206.190.36.45: bytes=32 time=91ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 100ms, Average = 95ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...d0 27 88 01 38 33 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    276
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:953c:2416:3d49:bbbd:abfa/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::2416:3d49:bbbd:abfa/128
                                    On-link
 11    276 fe80::447c:4b4d:7dd5:457d/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/23/2017 04:32:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (06/23/2017 04:32:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.
 
Error: (06/23/2017 04:16:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/02/2017 12:14:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2017 07:24:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2017 07:03:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:45:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:31:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
Faulting module name: IEFRAME.dll, version: 11.0.9600.18666, time stamp: 0x58f314b8
Exception code: 0xc0000005
Fault offset: 0x0014377c
Faulting process id: 0xddc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (05/20/2017 07:29:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:21:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: WDSmartWare.com, version: 1.6.0.16, time stamp: 0x4f96d55e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23796, time stamp: 0x59029714
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x498
Faulting application start time: 0xWDSmartWare.com0
Faulting application path: WDSmartWare.com1
Faulting module path: WDSmartWare.com2
Report Id: WDSmartWare.com3
 
 
System errors:
=============
Error: (06/23/2017 04:15:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/23/2017 04:15:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/23/2017 04:15:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/23/2017 04:14:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFS
SASDIFSV
SASKUTIL
 
Error: (06/02/2017 12:57:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/02/2017 12:57:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/02/2017 12:57:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/02/2017 12:43:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/02/2017 12:43:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/02/2017 12:43:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.243.990.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.10.209.00
 
Source Path: 4.10.209.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (06/23/2017 04:32:24 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/23/2017 04:32:24 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (06/23/2017 04:16:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/02/2017 12:14:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2017 07:24:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2017 07:03:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:45:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:31:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1866658f30f27IEFRAME.dll11.0.9600.1866658f314b8c00000050014377cddc01d2d1d1fb1e3f9fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\IEFRAME.dll3ae722dd-3dc5-11e7-b800-d02788013833
 
Error: (05/20/2017 07:29:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:21:57 PM) (Source: Application Error)(User: )
Description: WDSmartWare.com1.6.0.164f96d55eKERNELBASE.dll6.1.7601.2379659029714e0434352000000000001a06d49801d2d1d09a8d52f4C:\Users\Suzanne\Documents\WDSmartWare.comC:\Windows\system32\KERNELBASE.dlle1354f1b-3dc3-11e7-9ed9-c63067af5ee5
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 5.4.0.1779 - Amazon Services LLC)
APC PowerChute Personal Edition (HKLM-x32\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 1.5 - American Power Conversion Corporation)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA4000ISandA3400ISandA2400ISandA2300andA1300andA810) (Version: 1.0.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
Create and Print Greeting Cards 1.0 (HKLM-x32\...\{84B1561B-4DE3-4FA8-8A08-805E553171EC}) (Version: 1.0.12 - AmericanGreetings.com)
DailyWellnessGuide Internet Explorer Toolbar (HKLM-x32\...\DailyWellnessGuide_80bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network)
Dropbox (HKLM-x32\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Photo and Imaging 1.2 - Photosmart Cameras (HKLM-x32\...\{40E2B324-F584-439E-9CBF-63A59F6303AF}) (Version: 2.0.0000 - {&Tahoma8}Hewlett-Packard)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
My Scrap Nook Toolbar (HKLM-x32\...\MyScrapNook_12bar Uninstall) (Version:  - Mindspark Interactive Network)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
WD SmartWare (HKLM\...\{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}) (Version: 1.6.0.25 - Western Digital)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
Works Suite OS Pack (HKLM-x32\...\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (HKLM-x32\...\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}) (Version: 1.0.0.0000 - Your Company Name) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 63%
Total physical RAM: 3839.18 MB
Available physical RAM: 1420.43 MB
Total Virtual: 7676.54 MB
Available Virtual: 5511.32 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:465.66 GB) (Free:398.19 GB) NTFS
3 Drive d: (May 19 2017) (CDROM) (Total:0.69 GB) (Free:0.56 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\SUZANNE-PC
 
Administrator            Guest                    Suzanne                  
 
 
**** End of log ****
------------------------------------------------------------------------------------------------------------------
 
TDSS Killer:
 
17:00:27.0479 0x0fbc  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
17:00:35.0219 0x0fbc  ============================================================
17:00:35.0219 0x0fbc  Current date / time: 2017/06/23 17:00:35.0219
17:00:35.0219 0x0fbc  SystemInfo:
17:00:35.0219 0x0fbc  
17:00:35.0219 0x0fbc  OS Version: 6.1.7601 ServicePack: 1.0
17:00:35.0219 0x0fbc  Product type: Workstation
17:00:35.0219 0x0fbc  ComputerName: SUZANNE-PC
17:00:35.0219 0x0fbc  UserName: Suzanne
17:00:35.0219 0x0fbc  Windows directory: C:\Windows
17:00:35.0219 0x0fbc  System windows directory: C:\Windows
17:00:35.0219 0x0fbc  Running under WOW64
17:00:35.0219 0x0fbc  Processor architecture: Intel x64
17:00:35.0219 0x0fbc  Number of processors: 2
17:00:35.0219 0x0fbc  Page size: 0x1000
17:00:35.0219 0x0fbc  Boot type: Normal boot
17:00:35.0219 0x0fbc  CodeIntegrityOptions = 0x00000001
17:00:35.0219 0x0fbc  ============================================================
17:00:38.0619 0x0fbc  KLMD registered as C:\Windows\system32\drivers\72926239.sys
17:00:38.0619 0x0fbc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23796, osProperties = 0x1
17:00:38.0822 0x0fbc  System UUID: {0176509D-BDC2-3C75-3AE6-2DE9C2D82983}
17:00:39.0290 0x0fbc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
17:00:39.0306 0x0fbc  ============================================================
17:00:39.0306 0x0fbc  \Device\Harddisk0\DR0:
17:00:39.0306 0x0fbc  MBR partitions:
17:00:39.0306 0x0fbc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:00:39.0306 0x0fbc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
17:00:39.0306 0x0fbc  ============================================================
17:00:39.0337 0x0fbc  C: <-> \Device\Harddisk0\DR0\Partition2
17:00:39.0353 0x0fbc  ============================================================
17:00:39.0353 0x0fbc  Initialize success
17:00:39.0353 0x0fbc  ============================================================
17:01:00.0375 0x1a7c  ============================================================
17:01:00.0375 0x1a7c  Scan started
17:01:00.0375 0x1a7c  Mode: Manual; 
17:01:00.0375 0x1a7c  ============================================================
17:01:00.0375 0x1a7c  KSN ping started
17:01:01.0092 0x1a7c  KSN ping finished: true
17:01:07.0972 0x1a7c  ================ Scan system memory ========================
17:01:07.0972 0x1a7c  System memory - ok
17:01:07.0972 0x1a7c  ================ Scan services =============================
17:01:27.0925 0x1a7c  hkmsvc - ok
17:01:28.0034 0x1a7c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:01:28.0034 0x1a7c  HomeGroupListener - ok
17:01:28.0221 0x1a7c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:01:28.0268 0x1a7c  HomeGroupProvider - ok
17:01:28.0346 0x1a7c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:01:28.0377 0x1a7c  HpSAMD - ok
17:01:28.0517 0x1a7c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:01:28.0564 0x1a7c  HTTP - ok
17:01:28.0595 0x1a7c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:01:28.0595 0x1a7c  hwpolicy - ok
17:01:28.0611 0x1a7c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:01:28.0611 0x1a7c  i8042prt - ok
17:01:28.0658 0x1a7c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:01:28.0673 0x1a7c  iaStorV - ok
17:01:28.0798 0x1a7c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:01:28.0829 0x1a7c  idsvc - ok
17:01:28.0829 0x1a7c  IEEtwCollectorService - ok
17:01:28.0892 0x1a7c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:01:28.0907 0x1a7c  iirsp - ok
17:01:29.0063 0x1a7c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:01:29.0095 0x1a7c  IKEEXT - ok
17:01:29.0126 0x1a7c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:01:29.0126 0x1a7c  intelide - ok
17:01:29.0141 0x1a7c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
17:01:29.0141 0x1a7c  intelppm - ok
17:01:29.0173 0x1a7c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:01:29.0173 0x1a7c  IPBusEnum - ok
17:01:29.0219 0x1a7c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:29.0219 0x1a7c  IpFilterDriver - ok
17:01:29.0297 0x1a7c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:01:29.0313 0x1a7c  iphlpsvc - ok
17:01:29.0360 0x1a7c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:01:29.0360 0x1a7c  IPMIDRV - ok
17:01:29.0407 0x1a7c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:01:29.0422 0x1a7c  IPNAT - ok
17:01:29.0563 0x1a7c  [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:01:29.0594 0x1a7c  iPod Service - ok
17:01:29.0609 0x1a7c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:01:29.0625 0x1a7c  IRENUM - ok
17:01:29.0656 0x1a7c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:01:29.0672 0x1a7c  isapnp - ok
17:01:29.0719 0x1a7c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:01:29.0734 0x1a7c  iScsiPrt - ok
17:01:29.0734 0x1a7c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:01:29.0750 0x1a7c  kbdclass - ok
17:01:29.0781 0x1a7c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:01:29.0781 0x1a7c  kbdhid - ok
17:01:29.0812 0x1a7c  [ 7404CDF0B904C6B8AA36C1D167D9F286, 3194BF2EC8078E1EE5FAC0F1C35463629DB106B84D309052F47D0DD39595287E ] KeyIso          C:\Windows\system32\lsass.exe
17:01:29.0812 0x1a7c  KeyIso - ok
17:01:29.0859 0x1a7c  [ 15682ED7B70B186C9C2BE6CA423D8E74, 02C6D35271D01925A2D9069589D75F7341988B8AFC1AC0A43401A5C63A959E37 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:01:29.0859 0x1a7c  KSecDD - ok
17:01:29.0890 0x1a7c  [ 945F4DA63A76EB2725C070BF3A86B5A5, EB778A52FCD2FCF98CFC0E7363F25B4CCE778C79E7308DF47C3D1AC92A791ED0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:01:29.0890 0x1a7c  KSecPkg - ok
17:01:29.0937 0x1a7c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:01:29.0937 0x1a7c  ksthunk - ok
17:01:30.0015 0x1a7c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:01:30.0031 0x1a7c  KtmRm - ok
17:01:30.0062 0x1a7c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:01:30.0077 0x1a7c  LanmanServer - ok
17:01:30.0109 0x1a7c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:30.0124 0x1a7c  LanmanWorkstation - ok
17:01:30.0155 0x1a7c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:01:30.0155 0x1a7c  lltdio - ok
17:01:30.0187 0x1a7c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:01:30.0202 0x1a7c  lltdsvc - ok
17:01:30.0233 0x1a7c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:01:30.0249 0x1a7c  lmhosts - ok
17:01:30.0265 0x1a7c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:01:30.0280 0x1a7c  LSI_FC - ok
17:01:30.0311 0x1a7c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:01:30.0327 0x1a7c  LSI_SAS - ok
17:01:30.0358 0x1a7c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:01:30.0374 0x1a7c  LSI_SAS2 - ok
17:01:30.0389 0x1a7c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:01:30.0405 0x1a7c  LSI_SCSI - ok
17:01:30.0467 0x1a7c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:01:30.0483 0x1a7c  luafv - ok
17:01:30.0561 0x1a7c  [ B2085E335F2B57077B0CBADB6F1245CD, 69C81753B2ABAE8C89CEDADFCB73FB332E5FCD555576959AD412BF036EC9E343 ] lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
17:01:30.0561 0x1a7c  lvpopf64 - ok
17:01:30.0592 0x1a7c  LVPr2M64 - ok
17:01:30.0655 0x1a7c  [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
17:01:30.0670 0x1a7c  LVRS64 - ok
17:01:31.0013 0x1a7c  [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
17:01:31.0201 0x1a7c  LVUVC64 - ok
17:01:31.0247 0x1a7c  [ 4EA73F071D96F376DB3AB9EF81273B28, 683C362F9B7A0BEC7BA4C1231405FB312EAA9A21260976C084ABA8CA035E6136 ] MBAMChameleon   C:\Windows\system32\drivers\MBAMChameleon.sys
17:01:31.0263 0x1a7c  MBAMChameleon - ok
17:01:31.0747 0x1a7c  [ D76E56108E6482905D3FAEA0649919E4, E10285889570A01E544B027F4A17BA7242E5E3EF93D20A19B05091DB237C6DD1 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
17:01:31.0887 0x1a7c  MBAMService - ok
17:01:31.0965 0x1a7c  [ 913F4230E29E312D1B4B02E2BAC67C87, 5C772DA7F2454CAFEA981E18ABCE717FE0D065EE996FB758817F3EF775B0AC14 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
17:01:31.0965 0x1a7c  MBAMSwissArmy - ok
17:01:32.0012 0x1a7c  [ D2E49FBBFCDB16584C6E457B2888E453, 84FF4329EE7D2BD5187FB2F44E10D94F02CD99D58EFCD1C9BA14596DE001B29F ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
17:01:32.0027 0x1a7c  MBAMWebProtection - ok
17:01:32.0059 0x1a7c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:01:32.0059 0x1a7c  Mcx2Svc - ok
17:01:32.0090 0x1a7c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:01:32.0090 0x1a7c  megasas - ok
17:01:32.0105 0x1a7c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:01:32.0121 0x1a7c  MegaSR - ok
17:01:32.0168 0x1a7c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:01:32.0183 0x1a7c  MMCSS - ok
17:01:32.0199 0x1a7c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:01:32.0215 0x1a7c  Modem - ok
17:01:32.0246 0x1a7c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:01:32.0246 0x1a7c  monitor - ok
17:01:32.0277 0x1a7c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:01:32.0277 0x1a7c  mouclass - ok
17:01:32.0293 0x1a7c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:01:32.0293 0x1a7c  mouhid - ok
17:01:32.0339 0x1a7c  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:01:32.0339 0x1a7c  mountmgr - ok
17:01:32.0386 0x1a7c  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:01:32.0402 0x1a7c  MpFilter - ok
17:01:32.0449 0x1a7c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:01:32.0449 0x1a7c  mpio - ok
17:01:32.0480 0x1a7c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:01:32.0495 0x1a7c  mpsdrv - ok
17:01:32.0527 0x1a7c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:01:32.0558 0x1a7c  MpsSvc - ok
17:01:32.0620 0x1a7c  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:01:32.0620 0x1a7c  MRxDAV - ok
17:01:32.0651 0x1a7c  [ 054F780A442DB96F9FE10501B35E75CA, 72DF4BCEB6E14745CBEBF29B1F2882EC05C2952CED233E038105721494C984A4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:32.0667 0x1a7c  mrxsmb - ok
17:01:32.0698 0x1a7c  [ A1EAC982807B3179DD92235B6B709C0A, 8AD2652391B40D94E0FC4C9132630A7122679EF05B67328E4467043A45CD2737 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:32.0714 0x1a7c  mrxsmb10 - ok
17:01:32.0745 0x1a7c  [ E6B504F163094F2DB84F7D34A893FA00, 389413D7A4188DE226FD5ED996355C93BC90B7F460E31F5991B8714CE701CCC8 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:32.0745 0x1a7c  mrxsmb20 - ok
17:01:32.0776 0x1a7c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:01:32.0776 0x1a7c  msahci - ok
17:01:32.0807 0x1a7c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:01:32.0807 0x1a7c  msdsm - ok
17:01:32.0839 0x1a7c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:01:32.0839 0x1a7c  MSDTC - ok
17:01:32.0870 0x1a7c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:01:32.0870 0x1a7c  Msfs - ok
17:01:32.0885 0x1a7c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:01:32.0885 0x1a7c  mshidkmdf - ok
17:01:32.0917 0x1a7c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:01:32.0917 0x1a7c  msisadrv - ok
17:01:32.0948 0x1a7c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:01:32.0995 0x1a7c  MSiSCSI - ok
17:01:33.0026 0x1a7c  msiserver - ok
17:01:33.0041 0x1a7c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:01:33.0073 0x1a7c  MSKSSRV - ok
17:01:33.0229 0x1a7c  [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:01:33.0229 0x1a7c  MsMpSvc - ok
17:01:33.0244 0x1a7c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:33.0244 0x1a7c  MSPCLOCK - ok
17:01:33.0244 0x1a7c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:01:33.0260 0x1a7c  MSPQM - ok
17:01:33.0275 0x1a7c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:01:33.0291 0x1a7c  MsRPC - ok
17:01:33.0369 0x1a7c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:33.0369 0x1a7c  mssmbios - ok
17:01:33.0385 0x1a7c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:01:33.0385 0x1a7c  MSTEE - ok
17:01:33.0400 0x1a7c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:01:33.0400 0x1a7c  MTConfig - ok
17:01:33.0416 0x1a7c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:01:33.0416 0x1a7c  Mup - ok
17:01:33.0447 0x1a7c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:01:33.0463 0x1a7c  napagent - ok
17:01:33.0494 0x1a7c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:01:33.0494 0x1a7c  NativeWifiP - ok
17:01:33.0665 0x1a7c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:01:33.0681 0x1a7c  NDIS - ok
17:01:33.0712 0x1a7c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:01:33.0712 0x1a7c  NdisCap - ok
17:01:33.0728 0x1a7c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:33.0743 0x1a7c  NdisTapi - ok
17:01:33.0759 0x1a7c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:33.0759 0x1a7c  Ndisuio - ok
17:01:33.0775 0x1a7c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:33.0775 0x1a7c  NdisWan - ok
17:01:33.0806 0x1a7c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:01:33.0806 0x1a7c  NDProxy - ok
17:01:33.0821 0x1a7c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:01:33.0821 0x1a7c  NetBIOS - ok
17:01:33.0868 0x1a7c  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:01:33.0884 0x1a7c  NetBT - ok
17:01:33.0884 0x1a7c  [ 7404CDF0B904C6B8AA36C1D167D9F286, 3194BF2EC8078E1EE5FAC0F1C35463629DB106B84D309052F47D0DD39595287E ] Netlogon        C:\Windows\system32\lsass.exe
17:01:33.0884 0x1a7c  Netlogon - ok
17:01:33.0962 0x1a7c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:01:33.0977 0x1a7c  Netman - ok
17:01:34.0009 0x1a7c  [ 0A84CDBA132359052C017888C2DFC8E6, C1B0524171E8E2BF2209747D4129018A38F8AC7737670B362CE9F691D57E8C07 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:34.0009 0x1a7c  NetMsmqActivator - ok
17:01:34.0024 0x1a7c  [ 0A84CDBA132359052C017888C2DFC8E6, C1B0524171E8E2BF2209747D4129018A38F8AC7737670B362CE9F691D57E8C07 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:34.0024 0x1a7c  NetPipeActivator - ok
17:01:34.0071 0x1a7c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:01:34.0102 0x1a7c  netprofm - ok
17:01:34.0102 0x1a7c  [ 0A84CDBA132359052C017888C2DFC8E6, C1B0524171E8E2BF2209747D4129018A38F8AC7737670B362CE9F691D57E8C07 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:34.0102 0x1a7c  NetTcpActivator - ok
17:01:34.0118 0x1a7c  [ 0A84CDBA132359052C017888C2DFC8E6, C1B0524171E8E2BF2209747D4129018A38F8AC7737670B362CE9F691D57E8C07 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:01:34.0118 0x1a7c  NetTcpPortSharing - ok
17:01:34.0165 0x1a7c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:01:34.0165 0x1a7c  nfrd960 - ok
17:01:34.0211 0x1a7c  [ CE5F6E635FE4506AE6F2D6EB87425128, 3DB5ECF7CD2F2C3C010AA40CE57F1B3856E284BBA359FBC41A1B340E3180FD5F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:01:34.0211 0x1a7c  NisDrv - ok
17:01:34.0258 0x1a7c  [ D630B510E1E3FF6BA12B705F47F115D9, 05D76065D5D9A82E53EA18CD2D0184338681A7BBD3CD5D6C44D1FA5CB1C63640 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
17:01:34.0274 0x1a7c  NisSrv - ok
17:01:34.0289 0x1a7c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:01:34.0305 0x1a7c  NlaSvc - ok
17:01:34.0336 0x1a7c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:01:34.0336 0x1a7c  Npfs - ok
17:01:34.0352 0x1a7c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:01:34.0352 0x1a7c  nsi - ok
17:01:34.0383 0x1a7c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:01:34.0383 0x1a7c  nsiproxy - ok
17:01:34.0477 0x1a7c  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:01:34.0570 0x1a7c  Ntfs - ok
17:01:34.0601 0x1a7c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:01:34.0617 0x1a7c  Null - ok
17:01:34.0633 0x1a7c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:01:34.0633 0x1a7c  nvraid - ok
17:01:34.0664 0x1a7c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:01:34.0664 0x1a7c  nvstor - ok
17:01:34.0679 0x1a7c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:01:34.0679 0x1a7c  nv_agp - ok
17:01:34.0695 0x1a7c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:01:34.0711 0x1a7c  ohci1394 - ok
17:01:34.0726 0x1a7c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:01:34.0742 0x1a7c  p2pimsvc - ok
17:01:34.0789 0x1a7c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:01:34.0804 0x1a7c  p2psvc - ok
17:01:34.0820 0x1a7c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:01:34.0835 0x1a7c  Parport - ok
17:01:34.0867 0x1a7c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:01:34.0882 0x1a7c  partmgr - ok
17:01:34.0913 0x1a7c  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:01:34.0929 0x1a7c  PcaSvc - ok
17:01:34.0960 0x1a7c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:01:34.0960 0x1a7c  pci - ok
17:01:34.0976 0x1a7c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:01:34.0991 0x1a7c  pciide - ok
17:01:35.0007 0x1a7c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:01:35.0007 0x1a7c  pcmcia - ok
17:01:35.0023 0x1a7c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:01:35.0023 0x1a7c  pcw - ok
17:01:35.0054 0x1a7c  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:01:35.0069 0x1a7c  PEAUTH - ok
17:01:35.0147 0x1a7c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:01:35.0210 0x1a7c  PeerDistSvc - ok
17:01:35.0319 0x1a7c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:01:35.0319 0x1a7c  PerfHost - ok
17:01:35.0428 0x1a7c  [ BC5F8C5C7ACCD0B884FCB8B67616F537, 5C99E9D7E7095CED52B1F5F4A569E54F124602C573DD2B25731E0D57FDA22A27 ] pla             C:\Windows\system32\pla.dll
17:01:35.0491 0x1a7c  pla - ok
17:01:35.0553 0x1a7c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:01:35.0584 0x1a7c  PlugPlay - ok
17:01:35.0615 0x1a7c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:01:35.0615 0x1a7c  PNRPAutoReg - ok
17:01:35.0647 0x1a7c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:01:35.0647 0x1a7c  PNRPsvc - ok
17:01:35.0693 0x1a7c  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:01:35.0725 0x1a7c  PolicyAgent - ok
17:01:35.0771 0x1a7c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:01:35.0787 0x1a7c  Power - ok
17:01:35.0803 0x1a7c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:01:35.0803 0x1a7c  PptpMiniport - ok
17:01:35.0834 0x1a7c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
17:01:35.0834 0x1a7c  Processor - ok
17:01:45.0802 0x1a7c  [ C635B3578DBAFB1E03497C0D2F2418A5, 697454B3EC86078F0C37C258BDEDA8E2798BB574B0C11E652D4A0141E827174C ] C:\Windows\system32\winsrv.dll
17:01:45.0849 0x1a7c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:01:45.0943 0x1a7c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
17:01:45.0958 0x1a7c  [ Global ] - ok
17:01:45.0958 0x1a7c  ================ Scan MBR ==================================
17:01:46.0005 0x1a7c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:01:46.0723 0x1a7c  \Device\Harddisk0\DR0 - ok
17:01:46.0723 0x1a7c  ================ Scan VBR ==================================
17:01:46.0738 0x1a7c  [ 8002F7E4750B975CFFBF51BD1A3A522B ] \Device\Harddisk0\DR0\Partition1
17:01:46.0738 0x1a7c  \Device\Harddisk0\DR0\Partition1 - ok
17:01:46.0754 0x1a7c  [ FF8B07D4A3489911343C41BD01010761 ] \Device\Harddisk0\DR0\Partition2
17:01:46.0754 0x1a7c  \Device\Harddisk0\DR0\Partition2 - ok
17:01:46.0754 0x1a7c  ================ Scan generic autorun ======================
17:01:46.0894 0x1a7c  [ 7A727248EBC065BD2BB94A9B2892D190, B1E12ED3D07963EF0FA09B3ECD8AC3FBD316733D968A99C958DF7026B1BDFD99 ] C:\Program Files\Microsoft Security Client\msseces.exe
17:01:46.0941 0x1a7c  MSC - ok
17:01:47.0019 0x1a7c  [ FF0FAB199882C00D6DC54CA035865C49, BF4D65D96F8DC0057042C2A4B70106D156B0D13C75839935BC9051089363C495 ] C:\Program Files\iTunes\iTunesHelper.exe
17:01:47.0035 0x1a7c  iTunesHelper - ok
17:01:47.0081 0x1a7c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
17:01:47.0081 0x1a7c  Logitech Download Assistant - ok
17:01:47.0378 0x1a7c  [ 5602FF42444B4991E69C62E493BDAEC4, 7AE46CA0CD1E1C091B31EE4A691C26823E0F1AB1CA6B1C29E6C662BF7E28A996 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
17:01:47.0487 0x1a7c  Malwarebytes TrayApp - ok
17:01:47.0908 0x1a7c  [ 66624969EC697242ADD3F191A4788FAA, 3C649FFE3C928818BD026D50A6F14902BE280B3BEEA0007214E9C1813770428E ] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
17:01:48.0049 0x1a7c  WD Quick View - ok
17:01:48.0142 0x1a7c  [ 2C4F1951B91DDBC58E15C565196BAC00, BA787E0509C60FD9850DBD02359C26F65C9E13C2388D82E866B2045F40C853EE ] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
17:01:48.0142 0x1a7c  Share-to-Web Namespace Daemon - ok
17:01:48.0220 0x1a7c  [ D3AC38E80E928CC61A22650E04423BB8, 8DB324E5BCC2A721EB0C48F0F3ECC21E49D6172A3BF8ACC55244C08FAEB3101C ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
17:01:48.0267 0x1a7c  EEventManager - ok
17:01:48.0423 0x1a7c  [ 7FA30B0DE75D61B4E8E8734B2BB6CA6C, C545C83A6F7B6CDFA2C0393553AE3CCCE6FCC11CCB4026470D414B06EC679581 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
17:01:48.0485 0x1a7c  FUFAXRCV - ok
17:01:48.0501 0x1a7c  [ E476F00C910C1A96978FB30859E10919, 3F0DDF6DC7DB346BFB8AD9DD76F53143415FEED620A49B35A16168606A1942B4 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
17:01:48.0517 0x1a7c  FUFAXSTM - ok
17:01:48.0610 0x1a7c  [ E30B5056C874308F22CF155CE3BAE3D2, 004EE5D751C29EE7CBF2ABF4A2D22699DB1A227A5F2258833747B775B04D4635 ] C:\Program Files (x86)\LTCM Client\ltcmClient.exe
17:01:48.0688 0x1a7c  LTCM Client - ok
17:01:49.0359 0x1a7c  [ 95733652E827BFA23099AD0A8255E7E1, 30C40B8847D4A44BD99529A1827C5EE721EF721C300B91E6F6F8649E188D0C10 ] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
17:01:49.0421 0x1a7c  Dropbox - ok
17:01:49.0577 0x1a7c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:01:49.0640 0x1a7c  Sidebar - ok
17:01:49.0687 0x1a7c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:01:49.0702 0x1a7c  mctadmin - ok
17:01:49.0733 0x1a7c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:01:49.0749 0x1a7c  Sidebar - ok
17:01:49.0765 0x1a7c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:01:49.0765 0x1a7c  mctadmin - ok
17:01:50.0279 0x1a7c  [ FF43A73B3207CD4346F8C8A829D7F13A, 79931A42D1663D4CF4B5230D1D421C85DF080A49C41B575B323ACA0E0FBF55F1 ] C:\Users\Suzanne\AppData\Local\Amazon Music\Amazon Music Helper.exe
17:01:50.0404 0x1a7c  Amazon Music - ok
17:01:50.0451 0x1a7c  ISUSPM - ok
17:01:50.0451 0x1a7c  Waiting for KSN requests completion. In queue: 98
17:01:51.0496 0x1a7c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x60000 ( disabled : updated )
17:01:51.0527 0x1a7c  Win FW state via NFP2: enabled ( trusted )
17:01:52.0229 0x1a7c  ============================================================
17:01:52.0229 0x1a7c  Scan finished
17:01:52.0229 0x1a7c  ============================================================
17:01:52.0229 0x130c  Detected object count: 0
17:01:52.0229 0x130c  Actual detected object count: 0
-------------------------------------------------------------------------------------------------------------------------------
 
AdwCleaner
 
# AdwCleaner v6.047 - Logfile created 23/06/2017 at 17:18:53
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Suzanne - SUZANNE-PC
# Running from : C:\Users\Suzanne\Documents\AdwCleaner.com
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Suzanne\AppData\Local\slimware utilities inc
Folder Found:  C:\Users\Suzanne\AppData\Local\Downloaded Installers
Folder Found:  C:\Users\Suzanne\AppData\Local\SlimWare Utilities Inc
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\iac
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Toolbar4
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\IAC
Folder Found:  C:\Users\Suzanne\AppData\Roaming\Yahoo!\Companion
Folder Found:  C:\ProgramData\slimware utilities inc
Folder Found:  C:\ProgramData\Yahoo! Companion
Folder Found:  C:\ProgramData\SlimWare Utilities Inc
Folder Found:  C:\ProgramData\Application Data\slimware utilities inc
Folder Found:  C:\ProgramData\Application Data\Yahoo! Companion
Folder Found:  C:\ProgramData\Application Data\SlimWare Utilities Inc
Folder Found:  C:\Program Files (x86)\Coupons
Folder Found:  C:\Program Files (x86)\PC Cleaner
Folder Found:  C:\Program Files (x86)\RegClean Pro
Folder Found:  C:\Program Files (x86)\Systweak Support Dock
Folder Found:  C:\Program Files (x86)\Yahoo!\Companion
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdfnhblopmjjmghkgflplloabcclbmj
 
 
***** [ Files ] *****
 
File Found:  C:\Program Files (x86)\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyWellnessGuide_80bar Uninstall Firefox
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyWellnessGuide_80bar Uninstall Internet Explorer
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyScrapNook_12bar Uninstall
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found:  HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found:  HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found:  HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found:  HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found:  HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found:  HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found:  HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YTBMButton
Key Found:  HKLM\SOFTWARE\Classes\yt.YTBMButton.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found:  HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
Key Found:  HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found:  [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found:  [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Key Found:  [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Key Found:  [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found:  [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
Key Found:  [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found:  [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found:  [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found:  HKU\.DEFAULT\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Conduit
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-18\Software\Yahoo\Companion
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Conduit
Key Found:  HKLM\SOFTWARE\InstallIQ
Key Found:  HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\systweak
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Conduit
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75050740-BC9A-4CCD-8E2D-7C2855AF2F0F}
Key Found:  HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75050740-BC9A-4CCD-8E2D-7C2855AF2F0F}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75050740-BC9A-4CCD-8E2D-7C2855AF2F0F}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found:  HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
Key Found:  HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found:  HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] - conduit.search
Chrome pref Found:  [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbdfnhblopmjjmghkgflplloabcclbmj
 
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [20687 Bytes] - [23/06/2017 17:18:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20761 Bytes] ##########
 
----------------------------------------------------------------------------------------------------------------------
 
Junk Removal Tool
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64 
Ran by Suzanne (Administrator) on Fri 06/23/2017 at 17:27:25.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 27 
 
Successfully deleted: C:\ProgramData\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Suzanne\Appdata\LocalLow\iac (Folder) 
Successfully deleted: C:\Users\Suzanne\Appdata\LocalLow\Toolbar4 (Folder) 
Successfully deleted: C:\Program Files (x86)\coupons (Folder) 
Successfully deleted: C:\Program Files (x86)\regclean pro (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VZD4UX6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4SE24N6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLEX0LGV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N707NWGT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5VPZL72 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMK1PB59 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VZD4UX6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4SE24N6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLEX0LGV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N707NWGT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5VPZL72 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMK1PB59 (Temporary Internet Files Folder) 
 
 
 
Registry: 7 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75050740-BC9A-4CCD-8E2D-7C2855AF2F0F} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7320e42c-584c-4d2a-97b9-9bc404fd4e53} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7320e42c-584c-4d2a-97b9-9bc404fd4e53} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/23/2017 at 17:29:48.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----------------------------------------------------------------------------------------------------------------------------------------
 
ESET Scanner
 
This scan did not find any malicious files and thus didn't give me an option to create a text file.
 
-------------------------------------------------------------------------------------------------------------------------------------------
 
I had to save each of these downloads as .COM files to be able to run them.
 
I look forward to your next reply. Also I do have the original Windows 7 install disc with product key if that helps in the restoration. 
 
Thanks.


#5 jwoods301

Posted 23 June 2017 - 10:29 PM

When the system is determined to be clean, the default file type associations will need to be restored.

See this tutorial on VistaForums (works for Windows 7 as well)...

https://www.vistax64.com/tutorials/233243-default-file-type-associations-restore.html

Even though it says for Vista only, Shawn Brink, who is the owner of both forums, has recommended it on SevenForums for Windows 7...

https://www.sevenforums.com/general-discussion/23291-all-exe-file-opens-windows-media-centre.html

Post #3.

Following best practices, always back up the registry first before making any changes.

Registry Backup from Tweaking.com is hosted on the Bleeping Computer download site.

Creating a restore point is always recommended before making changes to a system.


Edited by jwoods301, 23 June 2017 - 10:31 PM.
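A read-only check of the associations this thread is about, added here as an example and not taken from the post or the linked tutorials: it compares the `.exe`, `.com` and `.bat` registry entries with the stock Windows defaults and can export the inspected keys first. The expected values, the `-BackupDir` parameter and the helper function names are assumptions of this example.

```powershell
# Added example: read-only audit of the .exe/.com/.bat file associations.
# Written for the PowerShell 2.0 that ships with Windows 7. Nothing is modified.
param(
    # Optional folder. When given, every inspected key that exists is exported
    # there with reg.exe so it can be re-imported if a later manual fix goes wrong.
    [string]$BackupDir
)

# Stock Windows defaults for executable file types (assumed baseline).
$expected = @{
    '.exe' = @{ ProgId = 'exefile'; Command = '"%1" %*' }
    '.com' = @{ ProgId = 'comfile'; Command = '"%1" %*' }
    '.bat' = @{ ProgId = 'batfile'; Command = '"%1" %*' }
}

$hklm     = 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
$hkcu     = 'HKEY_CURRENT_USER\Software\Classes'
$fileExts = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'

function Get-DefaultValue([string]$Key) {
    # Returns the key's (Default) value, or $null when the key or value is absent.
    $path = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    return (Get-ItemProperty -LiteralPath $path).'(default)'
}

function New-Finding($Ext, $Key, $Found, $Expected) {
    New-Object PSObject -Property @{
        Extension = $Ext; Key = $Key; Found = $Found; Expected = $Expected
    }
}

function Backup-Key([string]$Key) {
    # Export one key to <BackupDir>\<sanitised key name>.reg; skipped without -BackupDir.
    if (-not $BackupDir -or -not (Test-Path -LiteralPath "Registry::$Key")) { return }
    $name = ($Key -replace '[\\:.]', '_') + '.reg'
    & reg.exe export $Key (Join-Path $BackupDir $name) /y | Out-Null
}

if ($BackupDir -and -not (Test-Path -LiteralPath $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

$findings = @()
foreach ($ext in $expected.Keys) {
    $progId  = $expected[$ext]['ProgId']
    $command = $expected[$ext]['Command']

    $extKey  = "$hklm\$ext"
    $cmdKey  = "$hklm\$progId\shell\open\command"
    $userExt = "$hkcu\$ext"
    $userCmd = "$hkcu\$progId\shell\open\command"
    $choice  = "$fileExts\$ext\UserChoice"

    foreach ($k in $extKey, $cmdKey, $userExt, $userCmd, $choice) { Backup-Key $k }

    # 1. Machine-wide mapping: extension -> ProgID -> open command.
    $value = Get-DefaultValue $extKey
    if ($value -ne $progId) { $findings += New-Finding $ext $extKey $value $progId }
    $value = Get-DefaultValue $cmdKey
    if ($value -ne $command) { $findings += New-Finding $ext $cmdKey $value $command }

    # 2. Per-user overrides take precedence over HKLM in the merged HKCR view.
    #    They are normally absent for executable types, so their presence is reported.
    foreach ($k in $userExt, $userCmd) {
        if (Test-Path -LiteralPath "Registry::$k") {
            $findings += New-Finding $ext $k (Get-DefaultValue $k) '(key absent)'
        }
    }

    # 3. Explorer "Open with" choice. A UserChoice key here makes Explorer hand
    #    the file to another program, e.g. a media player, instead of running it.
    if (Test-Path -LiteralPath "Registry::$choice") {
        $chosen = (Get-ItemProperty -LiteralPath "Registry::$choice").Progid
        $findings += New-Finding $ext $choice $chosen '(key absent)'
    }
}

if ($findings.Count -eq 0) {
    'Executable associations match the Windows defaults.'
} else {
    $findings | Select-Object Extension, Key, Found, Expected | Format-List
}
```

Each reported key is a candidate for the restore procedure in the tutorials above. The `.reg` files written to the backup folder can be re-imported with `reg import`.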


#6 boopme

Posted 24 June 2017 - 09:24 AM

OK, Look in Control Panel and Uninstall Adobe and Superantispyware if there, remove what ADWCleaner found...

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 Ravenlaughing

Posted 24 June 2017 - 07:55 PM

@Boopme

 

I removed Adobe (Both Acrobat Reader and Flash) and SuperAntiSpyware.

I then ran AdwCleaner as instructed. Here is the cleaning log.

 

# AdwCleaner v6.047 - Logfile created 24/06/2017 at 18:46:56
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Suzanne - SUZANNE-PC
# Running from : C:\Users\Suzanne\Documents\AdwCleaner.com
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Suzanne\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Users\Suzanne\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Suzanne\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\ProgramData\Yahoo! Companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder deleted: C:\Program Files (x86)\PC Cleaner
[-] Folder deleted: C:\Program Files (x86)\Systweak Support Dock
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdfnhblopmjjmghkgflplloabcclbmj
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyWellnessGuide_80bar Uninstall Firefox
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DailyWellnessGuide_80bar Uninstall Internet Explorer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyScrapNook_12bar Uninstall
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key deleted: HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key deleted: HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.Clickstream.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTBMButton.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTHelper.2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YTNavAssistPlugin.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2382962764-943361143-2409107413-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\InstallIQ
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\systweak
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2382962764-943361143-2409107413-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: conduit.search
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbdfnhblopmjjmghkgflplloabcclbmj
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [20931 Bytes] - [24/06/2017 18:46:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [21085 Bytes] - [23/06/2017 17:18:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [19797 Bytes] - [24/06/2017 18:42:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [21153 Bytes] ##########


#8 boopme

Posted 25 June 2017 - 02:10 PM

Looks good, please run RKill.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista/Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


#9 Ravenlaughing

Posted 25 June 2017 - 03:17 PM

Rkill has been run. Here is the log.

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/25/2017 02:13:30 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/25/2017 02:17:27 PM
Execution time: 0 hours(s), 3 minute(s), and 57 seconds(s)


#10 boopme

Posted 25 June 2017 - 07:46 PM

Looks good,
If you want Adobe reader back get it here..
https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html

#11 Ravenlaughing

Posted 06 September 2017 - 02:04 PM

I've been working on my Mom's computer after catching a bad case of Malware. See the following thread for details about that issue.

 

https://www.bleepingcomputer.com/forums/t/647489/mobic-worm-and-gen-risk-ware-trojan/

 

Anyway, I was still having an issue with exe files not opening properly. I opted for a system recovery, using the Windows 7 install disk. I picked a system image that was a year old, and figured it should be good after the machine had been cleaned. I also figured I would have to reinstall all MS updates from the previous year.

 

The backup reinstalled nicely, everything was working as it was supposed to including exe files. I started with MS Security Essentials updates. I then ran a scan with Essentials and found nothing. So I started Windows updates. The downloads kept hanging up and failing. I restarted them several times thinking it was just my slow rural internet. While using my tablet, I kept getting a "you are not connected" message. This caused a red flag for me as my router showed internet connection. I ran MiniToolBox on the computer and everything seemed to be fine, but I then downloaded and ran SuperAntiSpyware. The scan found five objects related to a Mobic worm, and two different trojans, a number of mindspark files, as well as hundreds of tracking cookies. I cleaned these and then downloaded Malwarebytes and ran a scan. MB found 209 more pieces of mindspark toolbar crap. I then downloaded the MB Junk Removal tool. JRT found and cleaned 23 more bits of toolbar junk. Next I ran Adware Cleaner and that scan came up clean. Finally I used the ESET Online Scanner and it found and cleaned 26 more toolbar files. Just to be sure I ran SAS and MB again and found nothing.

 

During all of this I had my mom's external drive connected. This was the location of the backup I used, and had her important files backed up there as well, so she could use them on a different computer until I could get this one fixed. When the malware infection became apparent, I had connected this external to my computer, and scanned it thoroughly, finding no malware. My mom has used it on her laptop, and had no issues, and I made sure it was scanned regularly for malware. It was also connected during the previously mentioned scans after system recovery.

 

Anyway, thinking I finally had this machine clean again, I wanted to restore the most current version of her files to the C drive. I deleted all of the year-old documents, pictures, videos, etc. from the C drive documents folders. I then started copying the up-to-date files from the external back into those document folders. I started with documents, and had no problem. Next I started copying pictures. Having approximately 17 GB of pictures, this was taking a while. So while waiting, I went and watered my greenhouse, then went next door to my mom's and gave her a progress update on her computer. When I came back to my house approximately 20 minutes later, I checked the progress, and instead of copying the files, the computer was deleting them. Not only were the pictures deleted, but also all documents, which were previously okay, as well as videos, music, and downloads. I had not even touched any of the last three yet. In addition, there was an archive of her previous XP machine which was accessed through a virtual machine on the external. It was deleted as well. I thought maybe I had clicked the wrong option, but essentially all document and media files were deleted from the computer and the external drive.

 

The first thing I did was S**t myself. Next I shared some profanity with my dog. Next I downloaded Recuva and went and recovered her files. I now have copies of them on USB and DVD drives, and have scanned them on a different computer. They show clean.

 

So after all of that, I guess my questions are:

 

  1. Was the additional malware in the year-old backup, or was it possibly still in the hard drive despite seeming to be clean?
  2. What would cause this mass deletion? Is there still malware on either the C drive or the external which is not found by numerous scans, or during cleanup, did something become corrupted that caused this issue?
  3. And finally what course of action would be recommended for both the computer and the external?

My mom runs four businesses with this computer, and it needs to be safe and secure. I have been working with her to improve her security habits, especially since the initial malware infection. My dad is a Luddite, and thinks this is a waste of time. He is ready to buy a new hard drive, and have me install it and do a clean install of Windows 7 on it. I believe the machine is able to upgrade to 10, but I have not yet confirmed that. I suggested installing Linux and explained that for what she needs the learning curve is not too steep, but he is not entirely on board with that either.

 

Anyway I appreciate any feedback regarding this.

 

Thanks,

Jeremy


Edited by hamluis, 06 September 2017 - 02:15 PM.


#12 Ravenlaughing


Posted 06 September 2017 - 02:09 PM

I have posted a followup to this with a different problem on the same machine at https://www.bleepingcomputer.com/forums/t/656495/followup-to-previous-malware-problem-mass-deletion-of-files/

 

Any feedback would be appreciated.

 

Thanks.

 

Mod Edit:  Merged that topic into this one as post #11 - Hamluis.


Edited by hamluis, 06 September 2017 - 02:11 PM.




