Cannot Access Windows Update, iTunes, IE and others



 
 
Old 10-23-2015, 09:20 PM   #1
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Hi,

Since buying my laptop over 3 years ago I have NEVER been able to update windows, access the itunes store, IE, steam and a few other programs. I can however use the internet with chrome, firefox, file sharing software, etc with no problems whatsoever.

When I try to use Windows update it says: "Windows could not search for new updates Code 80072F8F".
When I click on the iTunes store button it stays on "Accessing iTunes store" indefinitely.
IE opens up, but cannot load any webpages.

After previously being unable to solve the problem, I swept it under the rug until recently getting an iPhone 6 (having forgotten about this issue) and hit my head against a wall remembering that I can't put my music onto my computer because I can't access the iTunes store.

Things I have done so far to try and solve the issue:

1) Temporarily disabled antivirus software (AVG)
2) Made sure I'm not using a proxy
3) Repairing my internet connection
4) Reinstalling said programs which don't work (itunes, steam etc)
5) Restarting in safe mode with networking
6) Performing a clean boot
7) Ran SFC /scannow (couldn't fix all files) and then SFCfix ("No corruptions were detected") and then SFC /scannow a 2nd time (couldn't fix files)
8) Checked my BIOS clock settings
9) Downloaded Malwarebytes and ran a scan - removing 7 PUPs
10) Ran the DDS file (see attachment)

spunk.funk and masterchiefxx17 advised me to post here for advice. Previous thread can be found here:
hxxp://www.techsupportforum.com/forums/f320/cannot-connect-to-windows-update-itunes-store-steam-ie-and-others-1053114.html#post6682698

Thanks in advance!
Attached Files
File Type: txt attach.txt (9.3 KB, 38 views)
Deanosaurus is offline  
 
Old 10-26-2015, 01:37 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

The DDS tool creates two reports when scanning is finished: Attach.txt and DDS.txt. You've just added Attach.txt. You haven't added DDS.txt. Please add it and we will move on.
__________________
tekir06 is offline  
Old 10-26-2015, 06:03 AM   #3
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Sorry my bad. Here are the two logs.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by yojax at 12:59:23 on 2015-10-24
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3988.2746 [GMT 9:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
C:\Windows\system32\dashost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Hola\app\hola_svc.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\Hola\app\hola_updater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\Windows\WinStore\WSHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [AVG-Secure-Search-Update_0913b] C:\Users\yojax\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 2490a102466147d09dcfb9dd65422e8f-fb0855923d548d2c878ff705463db7675a2bc6fb --CMPID 0913b
uRun: [AmazonMP3DownloaderHelper] C:\Users\yojax\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [Viber] "C:\Users\yojax\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [Dropbox Update] "C:\Users\yojax\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [Amazon Music] "C:\Users\yojax\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CheckNDISPortf0ac8B] C:\Program Files (x86)\4G Hostless Modem\PocketWiFi\CheckNDISPort_df.exe
mRun: [CancelAutoPlay_df] "C:\Program Files (x86)\4G Hostless Modem\PocketWiFi\CancelAutoPlay_df.exe" run
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: hola.org
TCP: NameServer = 192.168.100.1 192.168.100.1
TCP: Interfaces\{0E594347-D7B3-4282-8597-D095587EE032} : DHCPNameServer = 192.168.128.1
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141} : DHCPNameServer = 192.168.100.1 192.168.100.1
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\244584572653D225A425A4 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\244584572653D225A425A4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\8475441343F5344303532383132393249323 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\8475441343F5344303532383132393249323 : DHCPNameServer = 192.168.100.1 192.168.100.1
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B61626 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B61626 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B6162623 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B6162623 : DHCPNameServer = 192.168.11.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Run: [hola] C:\Program Files\Hola\app\hola.exe --silent
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2015-10-19 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2015-10-19 274808]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-8-1 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2015-10-19 1049880]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2015-10-19 448968]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2015-10-19 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2015-10-19 90968]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2015-10-19 153744]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-10-19 146600]
R2 Ds3Service;SCP DS3 Service;C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [2014-8-9 388352]
R2 hola_svc;Hola Better Internet Engine;C:\Program Files\Hola\app\hola_svc.exe [2015-9-15 8105600]
R2 hola_updater;Hola Better Internet Updater;C:\Program Files\Hola\app\hola_updater.exe [2015-5-24 7747528]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-8 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-5 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-5 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-5 165336]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-5 366040]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2013-4-26 54064]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2013-3-25 49584]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\Drivers\clwvd.sys [2013-10-26 41408]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-20 342528]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-10-5 2531528]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-10-5 269968]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2013-7-13 1162952]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-10-5 690832]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\Drivers\ScpVBus.sys [2014-8-9 39168]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-6-28 33008]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-10-24 99384]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-10-5 41272]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-10-24 203320]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2015-6-10 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]
.
=============== Created Last 30 ================
.
2015-10-19 12:59:36 -------- d-----w- C:\Users\yojax\AppData\Roaming\AVAST Software
2015-10-19 12:47:03 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-10-19 12:47:03 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-10-19 12:47:03 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-10-19 12:47:03 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-10-19 12:47:03 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-10-19 12:47:03 153744 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-10-19 12:47:03 1049880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-10-19 12:46:45 43112 ----a-w- C:\Windows\avastSS.scr
2015-10-19 12:43:35 -------- d-----w- C:\Program Files\AVAST Software
2015-10-19 12:35:29 -------- d-----w- C:\ProgramData\AVAST Software
2015-10-15 12:45:43 -------- d-----w- C:\Program Files (x86)\Audacity
2015-10-14 13:30:42 -------- d-----w- C:\SFCFix
2015-10-13 13:28:35 -------- d-----w- C:\ProgramData\Malwarebytes
2015-10-13 13:27:48 -------- d-----w- C:\Users\yojax\AppData\Local\Programs
2015-10-11 13:58:40 -------- d-----w- C:\Users\yojax\AppData\Roaming\WindSolutions
2015-10-11 13:41:54 -------- d-----w- C:\ProgramData\WindSolutions
2015-09-30 12:44:23 -------- d-----w- C:\Users\yojax\AppData\Local\{9EA278D8-CC8A-48D3-BECC-931EDD488D1F}
2015-09-30 12:40:49 -------- d-----w- C:\Users\yojax\AppData\Local\{6AB982DE-4DDB-4CA2-9550-2B3E92DB25DC}
.
==================== Find3M ====================
.
.
============= FINISH: 13:02:14.84 ===============
Attached Files
File Type: txt attach.txt (9.3 KB, 25 views)
File Type: txt dds.txt (17.4 KB, 19 views)
Deanosaurus is offline  
 
Old 10-26-2015, 06:32 AM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

You're Welcome. Thanks for the logs.

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

========================================================

We need to uninstall a program.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Hola™ 1.9.624 - Better Internet >>>>> read

==============================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 10-26-2015, 07:03 AM   #5
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Hi Tolga,

Thanks very much for your assistance!

I uninstalled Hola™ 1.9.624 - Better Internet, but the extension is still set up in Google chrome. Do you recommend me removing the extension too?

Please find the FRST and Addition logs below.
Attached Files
File Type: txt Addition.txt (38.4 KB, 20 views)
File Type: txt FRST.txt (38.6 KB, 18 views)
Deanosaurus is offline  
Old 10-27-2015, 12:27 AM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

You're Welcome!

Quote:
Do you recommend me removing the extension too?
Yes please do.

=========================================================

Please do the following.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (1.9 KB, 20 views)
__________________
tekir06 is offline  
Old 10-27-2015, 04:04 AM   #7
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by yojax (2015-10-27 19:49:38) Run:1
Running from C:\Users\yojax\Desktop
Loaded Profiles: yojax (Available Profiles: yojax)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3288700551-718339241-87107954-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-09-15] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-09-15] (Hola)
FirewallRules: [{AB2EAB3F-6B83-4BDC-8865-48D8576D8952}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{35A59640-745E-4CE9-8C0D-9D9937BBD1A8}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{90EA3F9A-7EFF-47FA-85F6-3F4FC71144D2}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{BE03AC4C-D006-4A0A-83E4-24C87FC7417D}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{4058346B-89FE-42F2-8C04-3CFD6968CB3F}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{9B328B60-73CD-4D41-86F8-8E41079BC07A}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{3FF65D26-176F-4256-B097-2B3452DB42D0}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{9DFF00D3-DADF-4BCE-BF11-5018B21E20A3}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{00F46797-677B-423A-9CE9-16D0AA874091}] => (Allow) C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{C319EB8E-8270-45D1-9DC8-87C2C4E9460C}] => (Allow) C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-3288700551-718339241-87107954-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => moved successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\yojax\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB2EAB3F-6B83-4BDC-8865-48D8576D8952} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35A59640-745E-4CE9-8C0D-9D9937BBD1A8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{90EA3F9A-7EFF-47FA-85F6-3F4FC71144D2}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BE03AC4C-D006-4A0A-83E4-24C87FC7417D}C:\program files\vuze\azureus.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4058346B-89FE-42F2-8C04-3CFD6968CB3F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B328B60-73CD-4D41-86F8-8E41079BC07A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FF65D26-176F-4256-B097-2B3452DB42D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DFF00D3-DADF-4BCE-BF11-5018B21E20A3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00F46797-677B-423A-9CE9-16D0AA874091} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C319EB8E-8270-45D1-9DC8-87C2C4E9460C} => value removed successfully
EmptyTemp: => 6.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:53:57 ====
Deanosaurus is offline  
Old 10-27-2015, 04:41 AM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

Thanks for the log. Please do the following steps. Then tell me, how is the machine behaving now? What problems do you still have?

STEP 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

=========================================================

STEP 2

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 65 from the following link

Download Free Java Software

=========================================================

STEP 3


Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on the Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.

========================================================

I need to see in your next post:

  • MBAM Log
  • ESET Log
tekir06 is offline  
Old 10-27-2015, 07:55 AM   #9
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Tolga,

To answer your first question - my machine still has limited internet connectivity in Windows Update and iTunes.

STEP 1 - I had already run Malwarebytes previously, but I went ahead and reinstalled it and ran the scan again. The log is attached to this message.

STEP 2 - I uninstalled my current Java software. Then tried to reinstall via the link you sent me. Strangely, the installer wouldn't work. Quote: "The installer cannot proceed with current internet connection settings." I assume this is related to my problem. I was eventually able to install it via the offline installer with no problems.

STEP 3 - I began running the online scanner but unfortunately don't have enough time today to finish the scan. I will complete the full scan tomorrow and will post the logs ASAP.
Attached Files
File Type: txt Malwarebytes Scan 27.10.txt (1.0 KB, 21 views)
Deanosaurus is offline  
Old 10-28-2015, 06:51 AM   #10
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Threats found via ESET scanner:

C:\Program Files\Vuze\bunndle.zip a variant of Win32/Bunndle potentially unsafe application
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\yojax\AppData\Local\Viber\Helper.dll Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\Users\yojax\AppData\Local\Viber\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.W.gen potentially unwanted application
C:\Users\yojax\Downloads\cbsidlm-cbsi134-Daemon_Tools_Lite-ORG-10778842.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\yojax\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_FLV_to_AVI_Converter-ORG-10786669.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\yojax\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application
C:\Users\yojax\Downloads\WinZip170.exe a variant of Win32/OpenInstall potentially unwanted application
Deanosaurus is offline  
Old 10-29-2015, 05:57 AM   #11
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

Thanks for the information. Please follow the instructions below.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work

Code:
CreateRestorePoint:
C:\Program Files\Vuze\bunndle.zip
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
C:\Users\yojax\AppData\Local\Viber\Helper.dll
C:\Users\yojax\AppData\Local\Viber\Uninstall.exe
C:\Users\yojax\Downloads\cbsidlm-cbsi134-Daemon_Tools_Lite-ORG-10778842.exe
C:\Users\yojax\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_FLV_to_AVI_Converter-ORG-10786669.exe
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
C:\Users\yojax\Downloads\ViberSetup.exe
C:\Users\yojax\Downloads\WinZip170.exe
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 10-29-2015, 06:35 AM   #12
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by yojax (2015-10-29 22:27:43) Run:2
Running from C:\Users\yojax\Desktop
Loaded Profiles: yojax (Available Profiles: yojax)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Program Files\Vuze\bunndle.zip
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
C:\Users\yojax\AppData\Local\Viber\Helper.dll
C:\Users\yojax\AppData\Local\Viber\Uninstall.exe
C:\Users\yojax\Downloads\cbsidlm-cbsi134-Daemon_Tools_Lite-ORG-10778842.exe
C:\Users\yojax\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_FLV_to_AVI_Converter-ORG-10786669.exe
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe
C:\Users\yojax\Downloads\ViberSetup.exe
C:\Users\yojax\Downloads\WinZip170.exe
EmptyTemp:
*****************

Restore point was successfully created.
C:\Program Files\Vuze\bunndle.zip => moved successfully
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll => moved successfully
"C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" => not found.
C:\Users\yojax\AppData\Local\Viber\Helper.dll => moved successfully
C:\Users\yojax\AppData\Local\Viber\Uninstall.exe => moved successfully
C:\Users\yojax\Downloads\cbsidlm-cbsi134-Daemon_Tools_Lite-ORG-10778842.exe => moved successfully
C:\Users\yojax\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_FLV_to_AVI_Converter-ORG-10786669.exe => moved successfully
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe => moved successfully
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe => moved successfully
C:\Users\yojax\Downloads\ViberSetup.exe => moved successfully
C:\Users\yojax\Downloads\WinZip170.exe => moved successfully
EmptyTemp: => 165.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:28:41 ====
Deanosaurus is offline  
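
Added example (not part of the thread, and not code from FRST or ESET): a Python check that every path in the ESET detection list received a result in the Fixlog, using lines copied from the two posts above. The function names are hypothetical and it assumes only the two line formats seen in this thread; it treats `C:\Users\All Users` as the Windows link to `C:\ProgramData`, which is why the single "not found" entry is expected rather than a missed file.

```python
import re

# Lines copied from the ESET list and the Fixlog posted in this thread.
ESET_LOG = r"""
C:\Program Files\Vuze\bunndle.zip a variant of Win32/Bunndle potentially unsafe application
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\yojax\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.W potentially unwanted application
"""

FIXLOG = r"""
Restore point was successfully created.
C:\Program Files\Vuze\bunndle.zip => moved successfully
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll => moved successfully
"C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" => not found.
C:\Users\yojax\Downloads\HSS-2.25-install-anchorfree-232-expatshield (1).exe => moved successfully
C:\Users\yojax\Downloads\ViberSetup.exe => moved successfully
EmptyTemp: => 165.7 MB temporary data Removed.
"""

# Path (may contain spaces), optional "a variant of", detection name, category.
ESET_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?'
    r'(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<category>.+)$')

# Fixlog result line: optionally quoted path, "=>", outcome text.
FIX_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<result>.+?)\.?$')

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so one file can appear in a scan under both paths.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}


def canonical(path):
    """Lower-case a path and rewrite known alias prefixes to their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse_eset(text):
    """Return one dict (path, name, category) per ESET detection line."""
    return [m.groupdict() for m in
            (ESET_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_fixlog(text):
    """Map lower-cased path -> lower-cased outcome for each result line."""
    results = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            results[m["path"].lower()] = m["result"].lower()
    return results


def reconcile(detections, results):
    """Give every detection a status based on what the Fixlog says."""
    moved = {canonical(p) for p, r in results.items() if r.startswith("moved")}
    report = []
    for d in detections:
        key = d["path"].lower()
        result = results.get(key)
        if result is None:
            status = "missing from fixlog"
        elif result.startswith("moved"):
            status = "moved"
        elif canonical(key) != key and canonical(key) in moved:
            # Same file reached through the alias; it was already moved.
            status = "alias of moved file"
        else:
            status = "needs review: " + result
        report.append((d["path"], d["name"], status))
    return report


def unresolved(report):
    """Rows that still need a human to look at them."""
    return [r for r in report if r[2].startswith(("missing", "needs review"))]


if __name__ == "__main__":
    for path, name, status in reconcile(parse_eset(ESET_LOG), parse_fixlog(FIXLOG)):
        print(f"{status:22} {name:30} {path}")
```
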
Old 10-30-2015, 03:10 PM   #13
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

Please do the following.

Please download TDSSKiller here or here to the desktop.
Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
If a suspicious file is detected, the default action will be Skip, click on Continue.
Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
Copy and paste its contents in your next reply.
tekir06 is offline  
Old 11-01-2015, 04:38 PM   #14
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Here is the report from tdsskiller: no threats found. (log is very big so it's split between two posts)

09:11:10.0359 0x07e4 ebdrv - ok
09:11:10.0375 0x07e4 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS C:\Windows\System32\lsass.exe
09:11:10.0422 0x07e4 EFS - ok
09:11:10.0453 0x07e4 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
09:11:10.0515 0x07e4 EhStorClass - ok
09:11:10.0547 0x07e4 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
09:11:10.0594 0x07e4 EhStorTcgDrv - ok
09:11:10.0640 0x07e4 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\Windows\System32\drivers\errdev.sys
09:11:10.0718 0x07e4 ErrDev - ok
09:11:10.0765 0x07e4 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\Windows\system32\es.dll
09:11:10.0797 0x07e4 EventSystem - ok
09:11:10.0844 0x07e4 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\Windows\system32\drivers\exfat.sys
09:11:10.0906 0x07e4 exfat - ok
09:11:10.0937 0x07e4 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:11:10.0968 0x07e4 fastfat - ok
09:11:11.0000 0x07e4 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\Windows\system32\fxssvc.exe
09:11:11.0062 0x07e4 Fax - ok
09:11:11.0078 0x07e4 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\Windows\System32\drivers\fdc.sys
09:11:11.0125 0x07e4 fdc - ok
09:11:11.0156 0x07e4 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\Windows\system32\fdPHost.dll
09:11:11.0219 0x07e4 fdPHost - ok
09:11:11.0250 0x07e4 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\Windows\system32\fdrespub.dll
09:11:11.0281 0x07e4 FDResPub - ok
09:11:11.0312 0x07e4 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\Windows\system32\fhsvc.dll
09:11:11.0344 0x07e4 fhsvc - ok
09:11:11.0375 0x07e4 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:11:11.0406 0x07e4 FileInfo - ok
09:11:11.0422 0x07e4 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:11:11.0500 0x07e4 Filetrace - ok
09:11:11.0547 0x07e4 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
09:11:11.0625 0x07e4 flpydisk - ok
09:11:11.0672 0x07e4 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:11:11.0734 0x07e4 FltMgr - ok
09:11:11.0844 0x07e4 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\Windows\system32\FntCache.dll
09:11:11.0922 0x07e4 FontCache - ok
09:11:12.0047 0x07e4 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:11:12.0062 0x07e4 FontCache3.0.0.0 - ok
09:11:12.0094 0x07e4 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:11:12.0125 0x07e4 FsDepends - ok
09:11:12.0140 0x07e4 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:11:12.0187 0x07e4 Fs_Rec - ok
09:11:12.0250 0x07e4 [ FA228F4BB10DC7ED7E7D131C034E2331, 0463B1DB8BB2B5AF95EAD988EA9DEB5483D9E78C07E07BAC1E3CC46C086B3BB0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:11:12.0312 0x07e4 fvevol - ok
09:11:12.0344 0x07e4 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
09:11:12.0406 0x07e4 FxPPM - ok
09:11:12.0437 0x07e4 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:11:12.0469 0x07e4 gagp30kx - ok
09:11:12.0515 0x07e4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:11:12.0578 0x07e4 GEARAspiWDM - ok
09:11:12.0609 0x07e4 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
09:11:12.0672 0x07e4 gencounter - ok
09:11:12.0703 0x07e4 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
09:11:12.0766 0x07e4 GPIOClx0101 - ok
09:11:12.0859 0x07e4 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\Windows\System32\gpsvc.dll
09:11:12.0922 0x07e4 gpsvc - ok
09:11:13.0031 0x07e4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:11:13.0062 0x07e4 gupdate - ok
09:11:13.0078 0x07e4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:11:13.0078 0x07e4 gupdatem - ok
09:11:13.0125 0x07e4 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:11:13.0187 0x07e4 HdAudAddService - ok
09:11:13.0234 0x07e4 [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
09:11:13.0312 0x07e4 HDAudBus - ok
09:11:13.0359 0x07e4 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
09:11:13.0422 0x07e4 HidBatt - ok
09:11:13.0453 0x07e4 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\Windows\System32\drivers\hidbth.sys
09:11:13.0531 0x07e4 HidBth - ok
09:11:13.0578 0x07e4 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
09:11:13.0641 0x07e4 hidi2c - ok
09:11:13.0656 0x07e4 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\Windows\System32\drivers\hidir.sys
09:11:13.0703 0x07e4 HidIr - ok
09:11:13.0750 0x07e4 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\Windows\system32\hidserv.dll
09:11:13.0781 0x07e4 hidserv - ok
09:11:13.0797 0x07e4 [ 9E11EE0F2E117B2D5A835B2B91752827, DA523B5DE025B54DC685CB7FF76A75B343EAA8A10C7A8870BB023F1AAEEB67F5 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
09:11:13.0859 0x07e4 HidUsb - ok
09:11:13.0906 0x07e4 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:11:13.0953 0x07e4 hkmsvc - ok
09:11:14.0000 0x07e4 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:11:14.0062 0x07e4 HomeGroupListener - ok
09:11:14.0094 0x07e4 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:11:14.0141 0x07e4 HomeGroupProvider - ok
09:11:14.0203 0x07e4 [ 77E81E788CC63E65272A7D247F441505, EA57947495A6FD5B6FCC06AD396AEEEEE44AA5EB924B1A4D71C81B1265120F7B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:11:14.0203 0x07e4 HP Support Assistant Service - ok
09:11:14.0219 0x07e4 [ D104FF402FC3DDB686E6DEF00334DB26, 6CCE56587C02ECE474C6BF959C4A6F752A1FF0B718FBE8EE4FD9755313A207C1 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
09:11:14.0250 0x07e4 hpdskflt - ok
09:11:14.0359 0x07e4 [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:11:14.0391 0x07e4 hpqwmiex - ok
09:11:14.0422 0x07e4 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:11:14.0469 0x07e4 HpSAMD - ok
09:11:14.0500 0x07e4 [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv C:\Windows\system32\Hpservice.exe
09:11:14.0516 0x07e4 hpsrv - ok
09:11:14.0562 0x07e4 [ 3C5B2067338E4EFDADE94E4A72728F23, 72E21FA1E660F9405A5E39B0F89AB21C60F20BAC13247567EF7139AC130F1897 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:11:14.0578 0x07e4 HPWMISVC - ok
09:11:14.0672 0x07e4 [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:11:14.0750 0x07e4 HTTP - ok
09:11:14.0781 0x07e4 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:11:14.0828 0x07e4 hwpolicy - ok
09:11:14.0859 0x07e4 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
09:11:14.0937 0x07e4 hyperkbd - ok
09:11:14.0969 0x07e4 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
09:11:15.0031 0x07e4 HyperVideo - ok
09:11:15.0047 0x07e4 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
09:11:15.0125 0x07e4 i8042prt - ok
09:11:15.0203 0x07e4 [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
09:11:15.0281 0x07e4 iaStorA - ok
09:11:15.0328 0x07e4 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:11:15.0391 0x07e4 iaStorV - ok
09:11:15.0516 0x07e4 [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:11:15.0594 0x07e4 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
09:11:18.0703 0x07e4 Detect skipped due to KSN trusted
09:11:18.0703 0x07e4 IconMan_R - ok
09:11:19.0031 0x07e4 [ 11A31FC2481BFE69B0507ED8C80215F4, 8A1E90611F749E8F04B6D86E835E981CAC16D0841305CADB19E58682DA006698 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:11:19.0391 0x07e4 igfx - ok
09:11:19.0453 0x07e4 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:11:19.0500 0x07e4 iirsp - ok
09:11:19.0578 0x07e4 [ 3884117CE4FEC35E4A1A7A62918B1F34, 0B35F7195CAAF15B9C65AB5B74A887DCFCA8F7736005E704D9F603981606AFE7 ] IKEEXT C:\Windows\System32\ikeext.dll
09:11:19.0625 0x07e4 IKEEXT - ok
09:11:19.0656 0x07e4 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:11:19.0703 0x07e4 IntcDAud - ok
09:11:19.0813 0x07e4 [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:11:19.0828 0x07e4 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
09:11:20.0611 0x0880 Object required for P2P: [ 11120878E5276B367E1A10FF8C9B595B ] avast! Antivirus
09:11:22.0970 0x07e4 Detect skipped due to KSN trusted
09:11:22.0970 0x07e4 Intel(R) Capability Licensing Service Interface - ok
09:11:23.0064 0x07e4 [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:11:23.0095 0x07e4 Intel(R) Capability Licensing Service TCP IP Interface - ok
09:11:23.0173 0x07e4 [ B32A84262049E43DB2FDB70F2EAF3BEE, B80214F5A697F7C163E62448FAC4FC71E798114E1C0FBB52C3A16534208849B7 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
09:11:23.0205 0x07e4 Intel(R) ME Service - ok
09:11:23.0220 0x07e4 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\Windows\system32\drivers\intelide.sys
09:11:23.0251 0x07e4 intelide - ok
09:11:23.0298 0x07e4 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\Windows\System32\drivers\intelppm.sys
09:11:23.0376 0x07e4 intelppm - ok
09:11:23.0392 0x07e4 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:11:23.0470 0x07e4 IpFilterDriver - ok
09:11:23.0533 0x07e4 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:11:23.0580 0x07e4 iphlpsvc - ok
09:11:23.0595 0x07e4 [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
09:11:23.0673 0x07e4 IPMIDRV - ok
09:11:23.0720 0x07e4 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:11:23.0798 0x07e4 IPNAT - ok
09:11:23.0876 0x07e4 [ E8D96F840994291789F0CDE6800AC1A4, 35B39474B6385DA828D4212047F5C94775FC3C55E8C72EAA503D763D86F9BFB7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:11:23.0892 0x07e4 iPod Service - ok
09:11:23.0908 0x07e4 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:11:23.0923 0x0880 Object send P2P result: true
09:11:23.0970 0x07e4 IRENUM - ok
09:11:24.0017 0x07e4 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:11:24.0064 0x07e4 isapnp - ok
09:11:24.0111 0x07e4 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
09:11:24.0173 0x07e4 iScsiPrt - ok
09:11:24.0205 0x07e4 [ 08B14887C0B98101F8EC207817A0D734, DF2B2C16F9C8EA05533AE26C3302C41D5B67966D8E55ED8625353AE1D70FBD29 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:11:24.0220 0x07e4 jhi_service - ok
09:11:24.0220 0x07e4 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
09:11:24.0252 0x07e4 kbdclass - ok
09:11:24.0283 0x07e4 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
09:11:24.0314 0x07e4 kbdhid - ok
09:11:24.0330 0x07e4 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
09:11:24.0392 0x07e4 kdnic - ok
09:11:24.0423 0x07e4 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso C:\Windows\system32\lsass.exe
09:11:24.0470 0x07e4 KeyIso - ok
09:11:24.0486 0x07e4 [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:11:24.0502 0x07e4 KSecDD - ok
09:11:24.0548 0x07e4 [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:11:24.0595 0x07e4 KSecPkg - ok
09:11:24.0611 0x07e4 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:11:24.0658 0x07e4 ksthunk - ok
09:11:24.0720 0x07e4 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:11:24.0783 0x07e4 KtmRm - ok
09:11:24.0814 0x07e4 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:11:24.0845 0x07e4 LanmanServer - ok
09:11:24.0877 0x07e4 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:11:24.0908 0x07e4 LanmanWorkstation - ok
09:11:24.0923 0x07e4 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:11:24.0970 0x07e4 lltdio - ok
09:11:25.0002 0x07e4 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:11:25.0017 0x07e4 lltdsvc - ok
09:11:25.0033 0x07e4 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:11:25.0080 0x07e4 lmhosts - ok
09:11:25.0095 0x07e4 [ 920F6774762DE8D8477088B6F38FBD6C, DA056D27FE775835CD6F8F5F3143179D818C20658304E21100B534C24079916C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:11:25.0111 0x07e4 LMS - ok
09:11:25.0142 0x07e4 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:11:25.0205 0x07e4 LSI_SAS - ok
09:11:25.0220 0x07e4 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:11:25.0283 0x07e4 LSI_SAS2 - ok
09:11:25.0330 0x07e4 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:11:25.0392 0x07e4 LSI_SCSI - ok
09:11:25.0423 0x07e4 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
09:11:25.0470 0x07e4 LSI_SSS - ok
09:11:25.0517 0x07e4 [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM C:\Windows\System32\lsm.dll
09:11:25.0564 0x07e4 LSM - ok
09:11:25.0595 0x07e4 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\Windows\system32\drivers\luafv.sys
09:11:25.0658 0x07e4 luafv - ok
09:11:25.0658 0x07e4 massfilter - ok
09:11:25.0705 0x07e4 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:11:25.0798 0x07e4 MBAMSwissArmy - ok
09:11:25.0845 0x07e4 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\Windows\system32\drivers\megasas.sys
09:11:25.0892 0x07e4 megasas - ok
09:11:25.0923 0x07e4 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:11:25.0970 0x07e4 MegaSR - ok
09:11:26.0002 0x07e4 [ D71FD7A4FDB01C554AE144037B688DF1, 74D33303DA559A3A2EB809FC0EC3722D24F7F1A37BC7370680CFEB951BE735AF ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
09:11:26.0049 0x07e4 MEIx64 - ok
09:11:26.0142 0x07e4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:11:26.0173 0x07e4 Microsoft Office Groove Audit Service - ok
09:11:26.0205 0x07e4 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\Windows\system32\mmcss.dll
09:11:26.0252 0x07e4 MMCSS - ok
09:11:26.0267 0x07e4 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\Windows\system32\drivers\modem.sys
09:11:26.0298 0x07e4 Modem - ok
09:11:26.0330 0x07e4 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\Windows\System32\drivers\monitor.sys
09:11:26.0392 0x07e4 monitor - ok
09:11:26.0423 0x07e4 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\Windows\System32\drivers\mouclass.sys
09:11:26.0455 0x07e4 mouclass - ok
09:11:26.0486 0x07e4 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\Windows\System32\drivers\mouhid.sys
09:11:26.0580 0x07e4 mouhid - ok
09:11:26.0611 0x07e4 [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:11:26.0674 0x07e4 mountmgr - ok
09:11:26.0705 0x07e4 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C, BCBFF081FAFB822CE29D291FB329FC310D90F0EC0D1BB69CF8CB09ED5A2E84D1 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:11:26.0814 0x07e4 mpsdrv - ok
09:11:26.0908 0x07e4 [ 3031573A739DBEE8923851929D0AF423, E9EA6C0D12A896AC745173B1F1A58192B52724AA424718B16B8D05E9AC091741 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:11:26.0955 0x07e4 MpsSvc - ok
09:11:26.0986 0x07e4 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:11:27.0049 0x07e4 MRxDAV - ok
09:11:27.0111 0x07e4 [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:11:27.0189 0x07e4 mrxsmb - ok
09:11:27.0236 0x07e4 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:11:27.0283 0x07e4 mrxsmb10 - ok
09:11:27.0314 0x07e4 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:11:27.0361 0x07e4 mrxsmb20 - ok
09:11:27.0408 0x07e4 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
09:11:27.0486 0x07e4 MsBridge - ok
09:11:27.0517 0x07e4 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\Windows\System32\msdtc.exe
09:11:27.0564 0x07e4 MSDTC - ok
09:11:27.0595 0x07e4 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:11:27.0642 0x07e4 Msfs - ok
09:11:27.0689 0x07e4 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
09:11:27.0752 0x07e4 msgpiowin32 - ok
09:11:27.0783 0x07e4 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:11:27.0830 0x07e4 mshidkmdf - ok
09:11:27.0845 0x07e4 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
09:11:27.0908 0x07e4 mshidumdf - ok
09:11:27.0939 0x07e4 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:11:27.0955 0x07e4 msisadrv - ok
09:11:27.0986 0x07e4 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:11:28.0017 0x07e4 MSiSCSI - ok
09:11:28.0017 0x07e4 msiserver - ok
09:11:28.0033 0x07e4 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:11:28.0064 0x07e4 MSKSSRV - ok
09:11:28.0095 0x07e4 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
09:11:28.0142 0x07e4 MsLldp - ok
09:11:28.0174 0x07e4 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:11:28.0236 0x07e4 MSPCLOCK - ok
09:11:28.0252 0x07e4 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:11:28.0330 0x07e4 MSPQM - ok
09:11:28.0377 0x07e4 [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:11:28.0408 0x07e4 MsRPC - ok
09:11:28.0424 0x07e4 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
09:11:28.0455 0x07e4 mssmbios - ok
09:11:28.0470 0x07e4 [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:11:28.0533 0x07e4 MSTEE - ok
09:11:28.0549 0x07e4 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
09:11:28.0627 0x07e4 MTConfig - ok
09:11:28.0658 0x07e4 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\Windows\system32\Drivers\mup.sys
09:11:28.0720 0x07e4 Mup - ok
09:11:28.0736 0x07e4 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\Windows\system32\drivers\mvumis.sys
09:11:28.0752 0x07e4 mvumis - ok
09:11:28.0799 0x07e4 [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent C:\Windows\system32\qagentRT.dll
09:11:28.0830 0x07e4 napagent - ok
09:11:28.0861 0x07e4 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:11:28.0924 0x07e4 NativeWifiP - ok
09:11:28.0970 0x07e4 [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc C:\Windows\System32\ncasvc.dll
09:11:29.0017 0x07e4 NcaSvc - ok
Deanosaurus is offline  
Old 11-01-2015, 04:39 PM   #15
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



09:12:06.0538 0x07e4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x60100 ( disabled : updated )
09:12:06.0538 0x07e4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.4.2233.1299 ), 0x41000 ( enabled : updated )
09:12:06.0569 0x07e4 Win FW state via NFP2: enabled ( trusted )
09:12:09.0851 0x07e4 ============================================================
09:12:09.0851 0x07e4 Scan finished
09:12:09.0851 0x07e4 ============================================================
09:12:09.0866 0x0fcc Detected object count: 0
09:12:09.0866 0x0fcc Actual detected object count: 0
Deanosaurus is offline  
Old 11-01-2015, 10:31 PM   #16
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Deanosaurus,

What problems do you still have? Please do the following.

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe
Next, go to File > New Task (Run...), type explorer and press 'Enter', or just reboot the computer.
tekir06 is offline  
Old 11-02-2015, 08:37 PM   #17
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Unfortunately Windows update and iTunes store still won't work...

Here is the Combofix log:

ComboFix 15-10-28.01 - yojax 03/11/2015 13:12:04.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.3988.2635 [GMT 9:00]
Running from: c:\users\yojax\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-10-03 to 2015-11-03 )))))))))))))))))))))))))))))))
.
.
2015-11-03 04:21 . 2015-11-03 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-29 12:12 . 2015-10-29 12:12 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-10-27 12:49 . 2015-10-27 12:49 -------- d-----w- c:\program files (x86)\ESET
2015-10-27 12:47 . 2015-10-27 12:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-10-27 12:47 . 2015-10-27 12:47 -------- d-----w- c:\users\yojax\.oracle_jre_usage
2015-10-27 12:46 . 2015-10-27 12:46 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-27 12:42 . 2015-10-27 12:47 -------- d-----w- c:\programdata\Oracle
2015-10-27 11:58 . 2015-10-27 14:46 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-27 11:58 . 2015-10-27 11:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-27 11:58 . 2015-10-05 00:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-27 11:58 . 2015-10-05 00:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-27 11:58 . 2015-10-05 00:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-26 13:56 . 2015-10-29 13:30 -------- d-----w- C:\FRST
2015-10-19 12:59 . 2015-10-19 12:59 -------- d-----w- c:\users\yojax\AppData\Roaming\AVAST Software
2015-10-19 12:47 . 2015-10-19 12:46 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-19 12:47 . 2015-10-19 12:46 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-19 12:47 . 2015-10-19 12:46 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-19 12:47 . 2015-10-19 12:46 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-19 12:47 . 2015-10-19 12:46 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-19 12:47 . 2015-10-19 12:46 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-19 12:47 . 2015-10-19 12:46 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-19 12:47 . 2015-10-19 12:46 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-19 12:46 . 2015-10-19 12:46 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-19 12:46 . 2015-10-19 12:46 43112 ----a-w- c:\windows\avastSS.scr
2015-10-19 12:43 . 2015-10-19 12:43 -------- d-----w- c:\program files\AVAST Software
2015-10-19 12:35 . 2015-10-19 12:35 -------- d-----w- c:\programdata\AVAST Software
2015-10-15 12:46 . 2015-10-26 12:33 -------- d-----w- c:\users\yojax\AppData\Roaming\Audacity
2015-10-15 12:45 . 2015-10-25 05:15 -------- d-----w- c:\program files (x86)\Audacity
2015-10-14 13:30 . 2015-10-14 13:30 -------- d-----w- C:\SFCFix
2015-10-13 13:28 . 2015-10-13 13:28 -------- d-----w- c:\programdata\Malwarebytes
2015-10-13 13:27 . 2015-10-13 13:27 -------- d-----w- c:\users\yojax\AppData\Local\Programs
2015-10-11 13:58 . 2015-10-11 13:58 -------- d-----w- c:\users\yojax\AppData\Roaming\WindSolutions
2015-10-11 13:41 . 2015-10-11 13:41 -------- d-----w- c:\programdata\WindSolutions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-10 02:54 222832 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-10 02:54 222832 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-10 02:54 222832 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 151576 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 151576 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 151576 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-05 04:18 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-09-23 1938112]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-10-12 22568216]
"AmazonMP3DownloaderHelper"="c:\users\yojax\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"Viber"="c:\users\yojax\AppData\Local\Viber\Viber.exe" [2014-07-24 936656]
"Dropbox Update"="c:\users\yojax\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
"Amazon Music"="c:\users\yojax\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-09-25 5887808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"CheckNDISPortf0ac8B"="c:\program files (x86)\4G Hostless Modem\PocketWiFi\CheckNDISPort_df.exe" [2013-06-27 455424]
"CancelAutoPlay_df"="c:\program files (x86)\4G Hostless Modem\PocketWiFi\CancelAutoPlay_df.exe" [2013-06-27 447232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-08-01 267224]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-05-14 387832]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-19 6134544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Ds3Service;SCP DS3 Service;c:\program files\Scarlet.Crush Productions\bin\ScpService.exe;c:\program files\Scarlet.Crush Productions\bin\ScpService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\System32\drivers\ScpVBus.sys;c:\windows\SYSNATIVE\drivers\ScpVBus.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 12:37 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3288700551-718339241-87107954-1003Core.job
- c:\users\yojax\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:19]
.
2015-11-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3288700551-718339241-87107954-1003UA.job
- c:\users\yojax\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 07:19]
.
2015-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26 12:19]
.
2015-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26 12:19]
.
2015-10-29 c:\windows\Tasks\HPCeeScheduleForyojax.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 19:43]
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-10-12 03:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-10-12 03:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-10-12 03:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-10 02:54 261744 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-10 02:54 261744 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-10 02:54 261744 ----a-w- c:\users\yojax\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-19 12:46 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\yojax\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-05 04:18 803008 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-21 1664000]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-05 161984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-12 170256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: hola.org
TCP: DhcpNameServer = 192.168.100.1 192.168.100.1
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\244584572653D225A425A4: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B61626: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5CE3FC0C-96BA-46FD-A71D-EB8D6CCDC141}\97574716B6162623: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\yojax\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
AddRemove-{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD} - c:\windows\system32\SupportAppPB4G Hostless Modem\Setup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-Viber - c:\users\yojax\AppData\Local\Viber\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2015-11-03 13:24:56
ComboFix-quarantined-files.txt 2015-11-03 04:24
.
Pre-Run: 528,704,073,728 bytes free
Post-Run: 528,515,346,432 bytes free
.
- - End Of File - - FFF591286C7EE5E0DBD2627B9415485B
Deanosaurus is offline  
Old 11-03-2015, 12:29 AM   #18
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Ok. Please do the following.

Please download Farbar Service Scanner to your desktop and double click on the file to run it.

Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Old 11-03-2015, 01:04 AM   #19
Registered Member
 
Join Date: Oct 2015
Posts: 36
OS: Windows 8



Hi Tolga,

Here are the results of the FSS scan:

Farbar Service Scanner Version: 26-07-2015
Ran by yojax (administrator) on 03-11-2015 at 18:01:37
Running from "C:\Users\yojax\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Deanosaurus is offline  
Old 11-03-2015, 01:01 PM   #20
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Let's check the date and time settings for Windows. Follow all the steps in the link I gave you. Follow all the steps to check that the date, time, time zone, and daylight savings time are all correct, and synchronize your computer's clock with an Internet time server. Then let me know the result.

Link : Microsoft.com
 

All times are GMT -7.