
Win 7, cursor jumps around uncontrollably in every app

This is a discussion on Win 7, cursor jumps around uncontrollably in every app within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
01-19-2016, 09:31 AM   #1
mavensophie
Registered Member
Join Date: Aug 2009
Location: syracuse, ny
Posts: 187
OS: win7 64bit, xp (dead), 3 computers total

did not have access to any cd, including win installation disks

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18098 BrowserJavaVersion: 10.67.2
Run by user at 12:25:43 on 2016-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.1312 [GMT -5:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Total Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\AMT\atchk.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mstart.exe
C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe
C:\Program Files (x86)\Pamela\Pamela.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Classic Start Menu\VistaHookApp.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mlauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Windows\V0690Mon.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Logitech\H760\H760.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [ClassicStartMenu] "C:\Program Files (x86)\Classic Start Menu\ClassicStartMenu.exe"
uRun: [pamela.exe] "C:\Program Files (x86)\Pamela\Pamela.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
mRun: [V0690Mon.exe] C:\Windows\V0690Mon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Logitech H760] C:\Program Files (x86)\Logitech\H760\H760.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ANTRAP~1.LNK - C:\Program Files (x86)\Antification\Ant Rapunzel\AntRapunzel.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAT~1.LNK - C:\Program Files (x86)\MediatekWiFi\Common\ApUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F5475E8-F566-41D2-8C5B-4FA095ACFC01} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [atchk] "C:\Program Files (x86)\Intel\AMT\atchk.exe"
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mz4cbpw5.default-1446683940283\
FF - prefs.js: browser.startup.homepage - hxxp://www.outcall.net/toplist/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll
FF - plugin: C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\Windows\System32\drivers\cm_km.sys [2015-7-5 389816]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\Windows\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2015-11-23 55280]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\Windows\System32\drivers\klbackupflt.sys [2015-6-27 70000]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2015-7-4 227000]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2015-6-11 39096]
R1 klpd;Kaspersky Lab format recognizer driver;C:\Windows\System32\drivers\klpd.sys [2015-6-8 41352]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2015-6-11 65208]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2015-6-16 103096]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2015-6-23 187056]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [2015-7-8 194000]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 kldisk;kldisk;C:\Windows\System32\drivers\kldisk.sys [2015-6-6 68280]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-11-9 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-11-9 1135416]
R2 MediatekRegistryWriter;MediatekRegistryWriter;C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [2015-9-18 405136]
R2 MediatekRegistryWriter64;MediatekRegistryWriter64;C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [2015-9-18 454288]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-13 5702416]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files (x86)\Intel\AMT\UNS.exe [2012-8-1 2519040]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-8-31 248704]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-8-1 70424]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2015-8-19 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2015-6-6 41144]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2015-6-7 41648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-11-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-11-9 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-11-9 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 Brpu3sapw;Brpu3sapw;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-2-8 176000]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-11-14 114688]
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-2-25 90352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-5 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 V0690Vid;Creative Live! Cam Socialize HD AF / ZiiCam Driver;C:\Windows\System32\drivers\V0690Vid.sys [2013-2-8 393952]
S3 vssbrigde64;vssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [2015-7-8 144640]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-4 1255736]
.
=============== Created Last 30 ================
.
2016-01-19 15:02:14 192216 ----a-w- C:\Windows\System32\drivers\165C796B.sys
2016-01-17 16:02:56 192216 ----a-w- C:\Windows\System32\drivers\60EC0B9C.sys
2016-01-12 23:48:24 -------- d-----w- C:\Program Files\Microsoft Games
2016-01-12 22:50:39 -------- d-----w- C:\Program Files (x86)\RssAuthoritySniper2
2016-01-11 14:55:25 192216 ----a-w- C:\Windows\System32\drivers\68DB0323.sys
2016-01-11 07:08:54 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3BD01BF0-FC89-4719-B49F-FBD91D51930A}\offreg.2652.dll
2016-01-08 15:11:08 192216 ----a-w- C:\Windows\System32\drivers\482624C4.sys
2016-01-05 15:14:57 192216 ----a-w- C:\Windows\System32\drivers\0D783D4A.sys
2016-01-04 15:12:21 192216 ----a-w- C:\Windows\System32\drivers\34816D2A.sys
2015-12-31 14:52:26 192216 ----a-w- C:\Windows\System32\drivers\2AA72564.sys
2015-12-28 15:09:30 192216 ----a-w- C:\Windows\System32\drivers\52D0480D.sys
2015-12-25 14:52:49 192216 ----a-w- C:\Windows\System32\drivers\5D6650E2.sys
.
==================== Find3M ====================
.
2016-01-19 17:18:48 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-02 02:07:30 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-02 02:07:30 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-15 14:07:00 192216 ----a-w- C:\Windows\System32\drivers\626E207D.sys
2015-12-14 14:11:59 192216 ----a-w- C:\Windows\System32\drivers\2913562B.sys
2015-12-10 14:01:59 192216 ----a-w- C:\Windows\System32\drivers\34E015FC.sys
2015-12-09 14:11:21 192216 ----a-w- C:\Windows\System32\drivers\1DD54F05.sys
2015-12-02 14:12:00 192216 ----a-w- C:\Windows\System32\drivers\2D312C96.sys
2015-11-27 14:02:09 192216 ----a-w- C:\Windows\System32\drivers\6FB61E62.sys
2015-11-26 13:53:40 192216 ----a-w- C:\Windows\System32\drivers\31B349C2.sys
2015-11-23 14:08:48 192216 ----a-w- C:\Windows\System32\drivers\537D6AF1.sys
2015-11-22 13:55:53 192216 ----a-w- C:\Windows\System32\drivers\753612EC.sys
2015-11-17 14:11:19 192216 ----a-w- C:\Windows\System32\drivers\046F1811.sys
2015-11-15 16:11:56 192216 ----a-w- C:\Windows\System32\drivers\12771C34.sys
2015-11-14 14:03:25 192216 ----a-w- C:\Windows\System32\drivers\53A2279C.sys
2015-11-10 14:15:50 192216 ----a-w- C:\Windows\System32\drivers\208A7898.sys
2015-11-07 20:36:51 7168 ----a-w- C:\Windows\SysWow64\drivers\ute3otkw.sys
2015-11-04 23:53:32 425744 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2015-11-04 23:53:32 345360 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2015-11-03 17:55:32 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-10-30 23:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-10-30 23:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-10-30 23:25:55 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-10-30 23:25:15 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-10-30 23:25:08 417792 ----a-w- C:\Windows\System32\html.iec
2015-10-30 23:24:50 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-10-30 23:24:34 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-10-30 23:12:09 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-10-30 23:12:09 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-10-30 23:11:58 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-10-30 23:11:46 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-10-30 23:04:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-10-30 22:58:29 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-10-30 22:53:49 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-10-30 22:47:08 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-10-30 22:46:27 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-10-30 22:45:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-10-30 22:45:42 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-10-30 22:44:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-10-30 22:36:25 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-10-30 22:36:06 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-10-30 22:29:57 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-10-30 22:29:52 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-10-30 22:23:51 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-10-30 22:17:06 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-10-30 22:16:43 4527616 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-10-30 22:09:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-10-30 22:09:15 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-10-30 21:51:28 2011136 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-10-29 17:50:44 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-10-29 17:50:30 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-10-29 17:50:29 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-10-29 17:50:29 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50:29 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50:29 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50:29 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50:21 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-10-29 17:50:14 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-10-29 17:49:58 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-10-29 17:49:57 562176 ----a-w- C:\Windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-10-29 17:39:57 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-10-21 18:50:57 181640 ----a-w- C:\Windows\System32\drivers\klflt.sys
2015-10-21 18:50:46 227000 ----a-w- C:\Windows\System32\drivers\klhk.sys
.
============= FINISH: 12:26:57.86 ===============
Attached Files
File Type: txt attach.txt (14.3 KB, 26 views)

01-20-2016, 04:21 AM   #2
tekir06
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello mavensophie,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

01-20-2016, 05:03 AM   #3
mavensophie

Hello Tolga

# AdwCleaner v5.030 - Logfile created 20/01/2016 at 07:41:46
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

***** [ Web browsers ] *****

[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [966 bytes] ##########
Attached Files
File Type: txt Addition.txt (46.3 KB, 23 views)
File Type: txt FRST.txt (38.4 KB, 27 views)

01-20-2016, 06:41 AM   #4
tekir06

Hello mavensophie,

Your report looks clean. I didn't see any suspicious activity. Let's continue to check anyway. Could you give information about the computer problems?

Please do the below steps.

STEP 1

Launch Malwarebytes Anti-Malware

On the Settings tab > Detection and Protection subtab, Detection Options section, tick the box Scan for rootkits.
Click on the Scan tab, then click on Start Scan.
A check for database updates will be performed.
After the update check completes, a scan will begin.
With some infections, you may see this message box.
'Could not load DDA driver'
Click Yes to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click 'Remove Selected'.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

=========================================================

STEP 2

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed.
Next, download the latest Java, version 8 Update 71 from the following link

Download Free Java Software

=========================================================

STEP 3


Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.

01-20-2016, 06:59 AM   #5
mavensophie

Before I continue, let me tell you that after I did my initial scan, I went and installed a Firefox plugin to selectively allow javascripts on pages...

I did that because the pages froze, often, because of script issues...

It seems that the mouse issue in Firefox must have been because of javascripts on pages, because it stopped jumping around (the cursor).

It is still doing it in games, but I bet my game is also written in java.

Shall I just stop investigating for now, and come back if there are issues again?

01-20-2016, 11:19 PM   #6
tekir06

Hello mavensophie,

Is it happening the same in all browsers?
tekir06 is offline  
Old 01-21-2016, 04:41 AM   #7
Registered Member
 

Just tested the chrome browser, and yes

But as I said, in firefox now I can control it by turning on and off the javascript on pages and sites with the browser plugin
mavensophie is offline  
Old 01-21-2016, 05:14 AM   #8
Security Team
Analyst
 



Hello mavensophie,

Have you tried to scan with ESET Online or Malwarebytes?
tekir06 is offline  
Old 01-21-2016, 12:33 PM   #9
Registered Member
 

I have Malwarebytes working and scanning daily on my computer, and no, I haven't tried ESET, not in the past month or two.
mavensophie is offline  
Old 01-21-2016, 01:58 PM   #10
Security Team
Analyst
 



Hello again.

Please run both of them according to the instructions in my 4th post. Then post the logs in your next message.
tekir06 is offline  
Old 01-22-2016, 03:25 AM   #11
Registered Member
 

C:\Program Files (x86)\The Creative Bots\Article Factory\autobots.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Program Files (x86)\The Creative Bots\Article Factory\silomonster.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Program Files (x86)\The Creative Bots Inc\Keywords Demon\KDUbot.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\ArticleFactoryPro-Installshield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\Auto Facebook Marketer\Auto Facebook Marketer.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe a variant of Win32/Keygen.CZ potentially unsafe application
C:\Users\user\Desktop\_stuff\AFM12-6-2013.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\_stuff\KeywordsDemonInstallShield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\SoftAMF11-20-2013.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\upload-monster.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\oz-bonus\DomainValuator.zip a variant of MSIL/Ubot.C potentially unsafe application
C:\Users\user\Desktop\__downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\FB-Engage-setup.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip a variant of Win32/Keygen.CZ potentially unsafe application
Attached Files
File Type: txt mbam-log-160121.txt (1.0 KB, 27 views)
mavensophie is offline  
Old 01-23-2016, 02:26 PM   #12
Security Team
Analyst
 



Hello mavensophie,

Thanks for the logs. Please do the following.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
C:\Users\user\Desktop\ccsetup508.exe
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe
C:\Users\user\Desktop\_stuff\ccsetup408.exe
C:\Users\user\Desktop\__downloads\ccsetup416.exe
C:\Users\user\Desktop\___software\ccsetup409.exe
C:\Users\user\Desktop\___software\ccsetup411.exe
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip
EmptyTemp:

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 01-23-2016, 02:45 PM   #13
Registered Member
 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by user (2016-01-23 17:31:18) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & UpdatusUser & Sophie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\user\Desktop\ccsetup508.exe
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe
C:\Users\user\Desktop\_stuff\ccsetup408.exe
C:\Users\user\Desktop\__downloads\ccsetup416.exe
C:\Users\user\Desktop\___software\ccsetup409.exe
C:\Users\user\Desktop\___software\ccsetup411.exe
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\user\Desktop\ccsetup508.exe => moved successfully
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe => moved successfully
C:\Users\user\Desktop\_stuff\ccsetup408.exe => moved successfully
C:\Users\user\Desktop\__downloads\ccsetup416.exe => moved successfully
C:\Users\user\Desktop\___software\ccsetup409.exe => moved successfully
C:\Users\user\Desktop\___software\ccsetup411.exe => moved successfully
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip => moved successfully
EmptyTemp: => 430.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:34:08 ====
mavensophie is offline  
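
An added example, not part of the original thread and not code from ESET or FRST: a short Python script that reconciles the ESET detections from post #11 against the Fixlog from post #13, reporting which detected files were moved, which fix entries failed, and which detections were never listed in the fixlist. The regular expressions assume the space-separated layout in which the two logs appear on this page.

```python
import re
from collections import Counter

# Log lines copied from the ESET export (post #11) and the FRST Fixlog (post #13).
ESET_LOG = r"""
C:\Program Files (x86)\The Creative Bots\Article Factory\autobots.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Program Files (x86)\The Creative Bots\Article Factory\silomonster.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Program Files (x86)\The Creative Bots Inc\Keywords Demon\KDUbot.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\ArticleFactoryPro-Installshield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\Auto Facebook Marketer\Auto Facebook Marketer.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe a variant of Win32/Keygen.CZ potentially unsafe application
C:\Users\user\Desktop\_stuff\AFM12-6-2013.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\_stuff\KeywordsDemonInstallShield.exe a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\SoftAMF11-20-2013.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\upload-monster.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Desktop\_stuff\oz-bonus\DomainValuator.zip a variant of MSIL/Ubot.C potentially unsafe application
C:\Users\user\Desktop\__downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Desktop\___software\FB-Engage-setup.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip a variant of Win32/Keygen.CZ potentially unsafe application
"""

FIXLOG = r"""
Restore point was successfully created.
C:\Users\user\Desktop\ccsetup508.exe => moved successfully
C:\Users\user\Desktop\Camtasia.Studio.v7.1.0.1631\keygen.exe => moved successfully
C:\Users\user\Desktop\_stuff\ccsetup408.exe => moved successfully
C:\Users\user\Desktop\__downloads\ccsetup416.exe => moved successfully
C:\Users\user\Desktop\___software\ccsetup409.exe => moved successfully
C:\Users\user\Desktop\___software\ccsetup411.exe => moved successfully
C:\Users\user\Documents\Google Talk Received Files\Camtasia.Studio.v7.1.0.1631.zip => moved successfully
EmptyTemp: => 430.6 MB temporary data Removed.
"""

# Paths contain spaces, so the detection name (Platform/Family, with a forward
# slash that never occurs in a Windows path) is what ends the path field.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>.+)$"
)
# Only drive-letter paths count; directives such as "EmptyTemp:" are skipped.
FIX_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+)$")


def parse_eset(text):
    """Return {lower-cased path: (original path, detection name, category)}."""
    found = {}
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found[m["path"].lower()] = (m["path"], m["name"], m["kind"])
    return found


def parse_fixlog(text):
    """Return {lower-cased path: result text} for file entries in a Fixlog."""
    results = {}
    for line in text.splitlines():
        m = FIX_LINE.match(line.strip())
        if m:
            results[m["path"].lower()] = m["result"]
    return results


def reconcile(eset_text, fixlog_text):
    """Split ESET detections into moved, failed and untouched by the fix."""
    detections = parse_eset(eset_text)
    fixes = parse_fixlog(fixlog_text)
    moved, failed, untouched = [], [], []
    for key, (path, name, _kind) in detections.items():
        if key not in fixes:
            untouched.append((path, name))
        elif fixes[key].lower().startswith("moved successfully"):
            moved.append((path, name))
        else:
            failed.append((path, name, fixes[key]))
    return {
        "moved": moved,
        "failed": failed,
        "untouched": untouched,
        "untouched_by_name": Counter(name for _path, name in untouched),
    }


if __name__ == "__main__":
    report = reconcile(ESET_LOG, FIXLOG)
    print(f"moved: {len(report['moved'])}, failed: {len(report['failed'])}, "
          f"untouched: {len(report['untouched'])}")
    for name, count in report["untouched_by_name"].most_common():
        print(f"  still on disk: {count} x {name}")
```

Paths are compared case-insensitively because Windows file names are, and any Fixlog result other than "moved successfully" is reported as a failure so it is not mistaken for a completed removal.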
Old 01-23-2016, 02:58 PM   #14
Security Team
Analyst
 



Hello mavensophie,

How is the machine behaving now? What problems do you still have?

Please re-run FRST tool and attach FRST.txt and Addition.txt.
tekir06 is offline  
Old 01-23-2016, 03:13 PM   #15
Registered Member
 

cursor is still hijacked
scan results attached
Attached Files
File Type: txt FRST.txt (40.6 KB, 25 views)
File Type: txt Addition.txt (47.2 KB, 25 views)
mavensophie is offline  
Old 01-25-2016, 04:48 AM   #16
Security Team
Analyst
 



Hello mavensophie,

Thanks for the logs. Please do the following.

Please download TDSSKiller here or here to the desktop.
Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
If a suspicious file is detected, the default action will be Skip; click on Continue.
Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
Copy and paste its contents in your next reply.
tekir06 is offline  
Old 01-25-2016, 07:00 AM   #17
Registered Member
 

09:53:15.0398 0x24d8 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:53:27.0259 0x24d8 ============================================================
09:53:27.0259 0x24d8 Current date / time: 2016/01/25 09:53:27.0259
09:53:27.0259 0x24d8 SystemInfo:
09:53:27.0259 0x24d8
09:53:27.0259 0x24d8 OS Version: 6.1.7601 ServicePack: 1.0
09:53:27.0259 0x24d8 Product type: Workstation
09:53:27.0259 0x24d8 ComputerName: USER-PC
09:53:27.0260 0x24d8 UserName: user
09:53:27.0260 0x24d8 Windows directory: C:\Windows
09:53:27.0260 0x24d8 System windows directory: C:\Windows
09:53:27.0260 0x24d8 Running under WOW64
09:53:27.0260 0x24d8 Processor architecture: Intel x64
09:53:27.0260 0x24d8 Number of processors: 2
09:53:27.0260 0x24d8 Page size: 0x1000
09:53:27.0260 0x24d8 Boot type: Normal boot
09:53:27.0260 0x24d8 ============================================================
09:53:29.0531 0x24d8 KLMD registered as C:\Windows\system32\drivers\54888941.sys
09:53:30.0291 0x24d8 System UUID: {0EF70F18-6EDA-00AA-AE8A-F39E2CFBB234}
09:53:31.0781 0x24d8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:53:31.0813 0x24d8 ============================================================
09:53:31.0813 0x24d8 \Device\Harddisk0\DR0:
09:53:31.0825 0x24d8 MBR partitions:
09:53:31.0825 0x24d8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:53:31.0825 0x24d8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
09:53:31.0825 0x24d8 ============================================================
09:53:31.0872 0x24d8 C: <-> \Device\Harddisk0\DR0\Partition2
09:53:31.0919 0x24d8 ============================================================
09:53:31.0919 0x24d8 Initialize success
09:53:31.0919 0x24d8 ============================================================
09:54:03.0572 0x2770 ============================================================
09:54:03.0572 0x2770 Scan started
09:54:03.0572 0x2770 Mode: Manual; SigCheck; TDLFS;
09:54:03.0572 0x2770 ============================================================
09:54:03.0572 0x2770 KSN ping started
09:54:06.0332 0x2770 KSN ping finished: true
09:54:07.0503 0x2770 ================ Scan system memory ========================
09:54:07.0503 0x2770 System memory - ok
09:54:07.0506 0x2770 ================ Scan services =============================
09:54:23.0149 0x2770 gagp30kx - ok
09:54:23.0197 0x2770 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:54:23.0209 0x2770 GEARAspiWDM - ok
09:54:23.0263 0x2770 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
09:54:23.0360 0x2770 gpsvc - ok
09:54:23.0387 0x2770 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:54:23.0485 0x2770 hcw85cir - ok
09:54:23.0542 0x2770 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:54:23.0583 0x2770 HdAudAddService - ok
09:54:23.0600 0x2770 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:54:23.0623 0x2770 HDAudBus - ok
09:54:23.0648 0x2770 [ 3CE9668E4AD154424B39EFAC30C49DEB, 07688EA0C01C91FD0E5F49BE015F5B67333B97D4295FBB3389D9EF875BE09A49 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:54:23.0663 0x2770 HECIx64 - ok
09:54:23.0683 0x2770 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:54:23.0699 0x2770 HidBatt - ok
09:54:23.0713 0x2770 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:54:23.0751 0x2770 HidBth - ok
09:54:23.0771 0x2770 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
09:54:23.0807 0x2770 HidIr - ok
09:54:23.0837 0x2770 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
09:54:23.0897 0x2770 hidserv - ok
09:54:23.0937 0x2770 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:54:23.0961 0x2770 HidUsb - ok
09:54:23.0989 0x2770 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:54:24.0031 0x2770 hkmsvc - ok
09:54:24.0051 0x2770 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:54:24.0131 0x2770 HomeGroupListener - ok
09:54:24.0168 0x2770 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:54:24.0200 0x2770 HomeGroupProvider - ok
09:54:24.0226 0x2770 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:54:24.0241 0x2770 HpSAMD - ok
09:54:24.0313 0x2770 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:54:24.0380 0x2770 HTTP - ok
09:54:24.0405 0x2770 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:54:24.0418 0x2770 hwpolicy - ok
09:54:24.0448 0x2770 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:54:24.0472 0x2770 i8042prt - ok
09:54:24.0529 0x2770 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:54:24.0566 0x2770 iaStorV - ok
09:54:24.0642 0x2770 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:54:24.0693 0x2770 idsvc - ok
09:54:24.0722 0x2770 IEEtwCollectorService - ok
09:54:24.0956 0x2770 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:54:25.0251 0x2770 igfx - ok
09:54:25.0289 0x2770 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:54:25.0311 0x2770 iirsp - ok
09:54:25.0394 0x2770 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
09:54:25.0447 0x2770 IKEEXT - ok
09:54:25.0472 0x2770 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
09:54:25.0486 0x2770 intelide - ok
09:54:25.0510 0x2770 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:54:25.0531 0x2770 intelppm - ok
09:54:25.0565 0x2770 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:54:25.0630 0x2770 IPBusEnum - ok
09:54:25.0655 0x2770 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:54:25.0709 0x2770 IpFilterDriver - ok
09:54:25.0761 0x2770 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:54:25.0817 0x2770 iphlpsvc - ok
09:54:25.0833 0x2770 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:54:25.0863 0x2770 IPMIDRV - ok
09:54:25.0890 0x2770 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:54:25.0956 0x2770 IPNAT - ok
09:54:26.0085 0x2770 [ BD713ED20CFD71C32C4BE1928423AE9A, E0EE95FEA3930EA335D9B1FF74EEFAA61ECEC89AEBB1D0E43A1E1088F9990273 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:54:26.0132 0x2770 iPod Service - ok
09:54:26.0143 0x2770 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:54:26.0187 0x2770 IRENUM - ok
09:54:26.0209 0x2770 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:54:26.0224 0x2770 isapnp - ok
09:54:26.0269 0x2770 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:54:26.0290 0x2770 iScsiPrt - ok
09:54:26.0317 0x2770 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:54:26.0333 0x2770 kbdclass - ok
09:54:26.0365 0x2770 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:54:26.0394 0x2770 kbdhid - ok
09:54:26.0419 0x2770 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe
09:54:26.0433 0x2770 KeyIso - ok
09:54:26.0488 0x2770 [ BEE1682DA217A4AD46C36896769AA580, 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
09:54:26.0536 0x2770 kl1 - ok
09:54:26.0571 0x2770 [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk C:\Windows\system32\DRIVERS\klbackupdisk.sys
09:54:26.0586 0x2770 klbackupdisk - ok
09:54:26.0625 0x2770 [ C80861511ADA03A65DC12FAA207592F8, 2B50E009DB0D050099E558B7510104B930966EE8BB94CC0F62D1BFD765D5C7AD ] klbackupflt C:\Windows\system32\DRIVERS\klbackupflt.sys
09:54:26.0653 0x2770 klbackupflt - ok
09:54:26.0691 0x2770 [ 1557DF622127972EDB3DD3A61E7763CC, F6E8F31760B549B882180EB6FB45B40CA6CEDC5E61B11E02609C26E053F7C902 ] kldisk C:\Windows\system32\DRIVERS\kldisk.sys
09:54:26.0707 0x2770 kldisk - ok
09:54:26.0747 0x2770 [ DE7D2DEDE9C9D5219AA439172BA8D21C, B4573553DF8605A6C9417683B6AA12A596E8777175C39567B91BF03CE895D625 ] klflt C:\Windows\system32\DRIVERS\klflt.sys
09:54:26.0768 0x2770 klflt - ok
09:54:26.0806 0x2770 [ C62B714428FD30DD7B3115566C3F470B, 991CA0FCA02D744BAB29FF3F0029BC99EF85C7D8B8024EF5EF51589639191B05 ] klhk C:\Windows\system32\DRIVERS\klhk.sys
09:54:26.0827 0x2770 klhk - ok
09:54:26.0897 0x2770 [ DFF69C0DB50E1211E82541835448A1CE, 9EE94CCE492262F79B5AF8D9BF9B3F1AA62645465F537EE734F66832BDB67166 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
09:54:26.0936 0x2770 KLIF - ok
09:54:26.0949 0x2770 [ 3553584440A11136C899B67ACC8CBE9D, B3D6D2E78B0FF0AF5A98E708D977978EA81E99D78F2E9CA2145B466AB4B11342 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
09:54:26.0964 0x2770 KLIM6 - ok
09:54:27.0001 0x2770 [ 22C4E9381C60DA78161FA042FDBA6873, B6CC05C1401E788BCCC8CF668216D9B78A8B51409D3CFBF419047933195062E0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
09:54:27.0016 0x2770 klkbdflt - ok
09:54:27.0053 0x2770 [ D792857D47B8DF5BFEC02534C1933BE2, BDD483FA8E2DC50DB4E54D475867455F0D7E115494E2A31CD27A065C7EC26951 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
09:54:27.0069 0x2770 klmouflt - ok
09:54:27.0147 0x2770 [ F610F5F17BC87D61EF8954CCD793BAE4, A77FE26B4A474FE799C3D569BDD7858319C57FC14C1BB43ECFAB1FDB19AF5DC6 ] klpd C:\Windows\system32\DRIVERS\klpd.sys
09:54:27.0172 0x2770 klpd - ok
09:54:27.0209 0x2770 [ B36DEE2A91F9388C4D3ED744592DE81D, 78D64539A375C80250FB9FA5E1DDA208B331A85916E19ED1353623DDF750EC58 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
09:54:27.0227 0x2770 kltdi - ok
09:54:27.0271 0x2770 [ 2AA3537309C2B9A7F120FB9E6A38250A, 6FD904542E0A21C4D6E46FB3EE11789938B90151D24531EB5319E62759D225DF ] Klwtp C:\Windows\system32\DRIVERS\klwtp.sys
09:54:27.0303 0x2770 Klwtp - ok
09:54:27.0338 0x2770 [ 1686DE8288052316EFDD49EEA8929065, AD43D6ACCD8693BD76F218E1A4EE088BA061C1309A3E7DAA7EC94D875985D895 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
09:54:27.0361 0x2770 kneps - ok
09:54:27.0408 0x2770 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:54:27.0427 0x2770 KSecDD - ok
09:54:27.0462 0x2770 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:54:27.0479 0x2770 KSecPkg - ok
09:54:27.0505 0x2770 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:54:27.0564 0x2770 ksthunk - ok
09:54:27.0607 0x2770 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
09:54:27.0690 0x2770 KtmRm - ok
09:54:27.0742 0x2770 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:54:27.0782 0x2770 LanmanServer - ok
09:54:27.0817 0x2770 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:54:27.0855 0x2770 LanmanWorkstation - ok
09:54:27.0877 0x2770 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:54:27.0930 0x2770 lltdio - ok
09:54:27.0959 0x2770 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:54:28.0032 0x2770 lltdsvc - ok
09:54:28.0063 0x2770 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:54:28.0130 0x2770 lmhosts - ok
09:54:28.0166 0x2770 [ CEDA82048C4958171674D0E9373B1A68, 3FB093DD108D2457A169CA9EE230A3299AC7483BBBC7565360C4E6AB2242368C ] LMS C:\Program Files (x86)\Intel\AMT\LMS.exe
09:54:28.0173 0x2770 LMS - detected UnsignedFile.Multi.Generic ( 1 )
09:54:30.0930 0x2770 Detect skipped due to KSN trusted
09:54:30.0930 0x2770 LMS - ok
09:54:30.0965 0x2770 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:54:30.0981 0x2770 LSI_FC - ok
09:54:31.0003 0x2770 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:54:31.0022 0x2770 LSI_SAS - ok
09:54:31.0038 0x2770 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:54:31.0055 0x2770 LSI_SAS2 - ok
09:54:31.0073 0x2770 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:54:31.0090 0x2770 LSI_SCSI - ok
09:54:31.0106 0x2770 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
09:54:31.0162 0x2770 luafv - ok
09:54:31.0210 0x2770 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:54:31.0224 0x2770 MBAMProtector - ok
09:54:31.0326 0x2770 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
09:54:31.0493 0x2770 MBAMScheduler - ok
09:54:31.0545 0x2770 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
09:54:31.0618 0x2770 MBAMService - ok
09:54:31.0679 0x2770 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
09:54:31.0698 0x2770 MBAMSwissArmy - ok
09:54:31.0714 0x2770 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:54:31.0727 0x2770 MBAMWebAccessControl - ok
09:54:31.0745 0x2770 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:54:31.0764 0x2770 Mcx2Svc - ok
09:54:31.0864 0x2770 [ E3AD7C396002C00BBDD346BA43418FA5, 748D80330AAC26EFF4CBAC07E62FB13099C45DADAFC32D3CF74CBD7EBE5F8185 ] MediatekRegistryWriter C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
09:54:31.0898 0x2770 MediatekRegistryWriter - ok
09:54:31.0946 0x2770 [ A4A92227408FF2A694AC01FCBE4F4432, A9438B985FA89F6E211A3DB8801C34CAD4E4435DA832DBE4972BF33FA553A6C5 ] MediatekRegistryWriter64 C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
09:54:31.0980 0x2770 MediatekRegistryWriter64 - ok
09:54:31.0998 0x2770 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
09:54:32.0014 0x2770 megasas - ok
09:54:32.0046 0x2770 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:54:32.0070 0x2770 MegaSR - ok
09:54:32.0090 0x2770 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
09:54:32.0154 0x2770 MMCSS - ok
09:54:32.0181 0x2770 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
09:54:32.0242 0x2770 Modem - ok
09:54:32.0271 0x2770 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:54:32.0305 0x2770 monitor - ok
09:54:32.0324 0x2770 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:54:32.0338 0x2770 mouclass - ok
09:54:32.0357 0x2770 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:54:32.0382 0x2770 mouhid - ok
09:54:32.0419 0x2770 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:54:32.0435 0x2770 mountmgr - ok
09:54:32.0502 0x2770 [ 98DA127D0AB8B6CB5773546AF60D9217, BB07F34552342CA40E843F80AA32C928C29EF81789605E53C795EFD564F2DA7F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:54:32.0523 0x2770 MozillaMaintenance - ok
09:54:32.0548 0x2770 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
09:54:32.0566 0x2770 mpio - ok
09:54:32.0605 0x2770 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:54:32.0644 0x2268 Object required for P2P: [ 295A5BFCE8D225D014DB4E6E69336279 ] AdobeFlashPlayerUpdateSvc
09:54:32.0672 0x2770 mpsdrv - ok
09:54:32.0730 0x2770 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:54:32.0800 0x2770 MpsSvc - ok
09:54:32.0861 0x2770 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:54:32.0914 0x2770 MRxDAV - ok
09:54:32.0951 0x2770 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:54:33.0027 0x2770 mrxsmb - ok
09:54:33.0070 0x2770 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:54:33.0096 0x2770 mrxsmb10 - ok
09:54:33.0116 0x2770 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:54:33.0148 0x2770 mrxsmb20 - ok
09:54:33.0185 0x2770 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
09:54:33.0200 0x2770 msahci - ok
09:54:33.0227 0x2770 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:54:33.0252 0x2770 msdsm - ok
09:54:33.0271 0x2770 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
09:54:33.0330 0x2770 MSDTC - ok
09:54:33.0368 0x2770 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:54:33.0474 0x2770 Msfs - ok
09:54:33.0489 0x2770 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:54:33.0547 0x2770 mshidkmdf - ok
09:54:33.0570 0x2770 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:54:33.0603 0x2770 msisadrv - ok
09:54:33.0633 0x2770 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:54:33.0711 0x2770 MSiSCSI - ok
09:54:33.0716 0x2770 msiserver - ok
09:54:33.0735 0x2770 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:54:33.0771 0x2770 MSKSSRV - ok
09:54:33.0782 0x2770 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:54:33.0831 0x2770 MSPCLOCK - ok
09:54:33.0859 0x2770 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:54:33.0916 0x2770 MSPQM - ok
09:54:33.0938 0x2770 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:54:34.0044 0x2770 MsRPC - ok
09:54:34.0057 0x2770 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:54:34.0073 0x2770 mssmbios - ok
09:54:34.0086 0x2770 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:54:34.0133 0x2770 MSTEE - ok
09:54:34.0148 0x2770 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:54:34.0207 0x2770 MTConfig - ok
09:54:34.0225 0x2770 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
09:54:34.0243 0x2770 Mup - ok
09:54:34.0282 0x2770 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
09:54:34.0346 0x2770 napagent - ok
09:54:34.0372 0x2770 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:54:34.0409 0x2770 NativeWifiP - ok
09:54:34.0480 0x2770 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:54:34.0555 0x2770 NDIS - ok
09:54:34.0567 0x2770 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:54:34.0604 0x2770 NdisCap - ok
09:54:34.0628 0x2770 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:54:34.0683 0x2770 NdisTapi - ok
09:54:34.0704 0x2770 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:54:34.0740 0x2770 Ndisuio - ok
09:54:34.0768 0x2770 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:54:34.0831 0x2770 NdisWan - ok
09:54:34.0865 0x2770 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:54:34.0924 0x2770 NDProxy - ok
09:54:34.0945 0x2770 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:54:34.0996 0x2770 NetBIOS - ok
09:54:35.0031 0x2770 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:54:35.0085 0x2770 NetBT - ok
09:54:35.0106 0x2770 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe
09:54:35.0120 0x2770 Netlogon - ok
09:54:35.0162 0x2770 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
09:54:35.0206 0x2770 Netman - ok
09:54:35.0264 0x2770 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:35.0283 0x2770 NetMsmqActivator - ok
09:54:35.0308 0x2770 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:35.0327 0x2770 NetPipeActivator - ok
09:54:35.0364 0x2770 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
09:54:35.0372 0x2268 Object send P2P result: true
09:54:35.0495 0x2770 netprofm - ok
09:54:35.0619 0x2770 [ 6CC3ECA56D266D571A1FB3BBC3F2D904, 76B11CDFB770C0920A1C3FADB8FB3700F3B3B6356D575288EF0081205DF4F3E9 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
09:54:35.0725 0x2770 netr28ux - ok
09:54:35.0746 0x2770 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:35.0764 0x2770 NetTcpActivator - ok
09:54:35.0771 0x2770 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:54:35.0789 0x2770 NetTcpPortSharing - ok
09:54:35.0813 0x2770 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

part two is in the next post
mavensophie is offline  
Old 01-25-2016, 07:03 AM   #18

This is part two of the TDSSKiller report. Full report is attached.

09:54:38.0856 0x2770 pcw - ok
09:54:38.0921 0x2770 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:54:38.0971 0x2770 PEAUTH - ok
09:54:39.0041 0x2770 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:54:39.0058 0x2770 PerfHost - ok
09:54:39.0145 0x2770 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
09:54:39.0242 0x2770 pla - ok
09:54:39.0293 0x2770 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:54:39.0338 0x2770 PlugPlay - ok
09:54:39.0358 0x2770 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:54:39.0399 0x2770 PNRPAutoReg - ok
09:54:39.0460 0x2770 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:54:39.0484 0x2770 PNRPsvc - ok
09:54:39.0527 0x2770 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:54:39.0627 0x2770 PolicyAgent - ok
09:54:39.0667 0x2770 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
09:54:39.0785 0x2770 Power - ok
09:54:39.0821 0x2770 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:54:39.0885 0x2770 PptpMiniport - ok
09:54:39.0912 0x2770 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
09:54:39.0930 0x2770 Processor - ok
09:54:39.0988 0x2770 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
09:54:40.0035 0x2770 ProfSvc - ok
09:54:40.0054 0x2770 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:54:40.0071 0x2770 ProtectedStorage - ok
09:54:40.0103 0x2770 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:54:40.0152 0x2770 Psched - ok
09:54:40.0210 0x2770 [ AED797CCA02783296C68AA10D0CFF8A9, DAD0ECDA3DE4F8A95B6DB8E447E484CD13A14133D39D766E7D0FB166E29216E8 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
09:54:40.0243 0x2770 PxHlpa64 - ok
09:54:40.0320 0x2770 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:54:40.0399 0x2770 ql2300 - ok
09:54:40.0440 0x2770 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:54:40.0457 0x2770 ql40xx - ok
09:54:40.0488 0x2770 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
09:54:40.0530 0x2770 QWAVE - ok
09:54:40.0557 0x2770 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:54:40.0599 0x2770 QWAVEdrv - ok
09:54:40.0624 0x2770 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:54:40.0680 0x2770 RasAcd - ok
09:54:40.0716 0x2770 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:54:40.0768 0x2770 RasAgileVpn - ok
09:54:40.0797 0x2770 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
09:54:40.0853 0x2770 RasAuto - ok
09:54:40.0876 0x2770 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:54:40.0929 0x2770 Rasl2tp - ok
09:54:40.0952 0x2770 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
09:54:41.0028 0x2770 RasMan - ok
09:54:41.0054 0x2770 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:54:41.0125 0x2770 RasPppoe - ok
09:54:41.0147 0x2770 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:54:41.0185 0x2770 RasSstp - ok
09:54:41.0246 0x2770 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:54:41.0302 0x2770 rdbss - ok
09:54:41.0319 0x2770 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:54:41.0366 0x2770 rdpbus - ok
09:54:41.0392 0x2770 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:54:41.0448 0x2770 RDPCDD - ok
09:54:41.0482 0x2770 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:54:41.0611 0x2770 RDPENCDD - ok
09:54:41.0638 0x2770 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:54:41.0714 0x2770 RDPREFMP - ok
09:54:41.0816 0x2770 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:54:41.0899 0x2770 RdpVideoMiniport - ok
09:54:41.0934 0x2770 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:54:41.0985 0x2770 RDPWD - ok
09:54:42.0006 0x2770 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:54:42.0026 0x2770 rdyboost - ok
09:54:42.0076 0x2770 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:54:42.0118 0x2770 RemoteAccess - ok
09:54:42.0162 0x2770 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:54:42.0212 0x2770 RemoteRegistry - ok
09:54:42.0244 0x2770 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:54:42.0313 0x2770 RpcEptMapper - ok
09:54:42.0338 0x2770 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
09:54:42.0375 0x2770 RpcLocator - ok
09:54:42.0407 0x2770 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
09:54:42.0456 0x2770 RpcSs - ok
09:54:42.0483 0x2770 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:54:42.0520 0x2770 rspndr - ok
09:54:42.0528 0x2770 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe
09:54:42.0542 0x2770 SamSs - ok
09:54:42.0559 0x2770 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:54:42.0576 0x2770 sbp2port - ok
09:54:42.0604 0x2770 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:54:42.0647 0x2770 SCardSvr - ok
09:54:42.0659 0x2770 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:54:42.0712 0x2770 scfilter - ok
09:54:42.0768 0x2770 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
09:54:42.0862 0x2770 Schedule - ok
09:54:42.0897 0x2770 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:54:42.0932 0x2770 SCPolicySvc - ok
09:54:42.0950 0x2770 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:54:43.0104 0x2770 SDRSVC - ok
09:54:43.0249 0x2770 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:54:43.0358 0x2770 secdrv - ok
09:54:43.0376 0x2770 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
09:54:43.0426 0x2770 seclogon - ok
09:54:43.0454 0x2770 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
09:54:43.0556 0x2770 SENS - ok
09:54:43.0586 0x2770 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:54:43.0639 0x2770 SensrSvc - ok
09:54:43.0653 0x2770 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:54:43.0693 0x2770 Serenum - ok
09:54:43.0720 0x2770 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:54:43.0760 0x2770 Serial - ok
09:54:43.0776 0x2770 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:54:43.0805 0x2770 sermouse - ok
09:54:43.0834 0x2770 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
09:54:43.0896 0x2770 SessionEnv - ok
09:54:43.0912 0x2770 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:54:43.0948 0x2770 sffdisk - ok
09:54:43.0968 0x2770 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:54:43.0986 0x2770 sffp_mmc - ok
09:54:44.0013 0x2770 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:54:44.0042 0x2770 sffp_sd - ok
09:54:44.0067 0x2770 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:54:44.0082 0x2770 sfloppy - ok
09:54:44.0125 0x2770 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:54:44.0208 0x2770 SharedAccess - ok
09:54:44.0248 0x2770 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:54:44.0295 0x2770 ShellHWDetection - ok
09:54:44.0309 0x2770 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:54:44.0325 0x2770 SiSRaid2 - ok
09:54:44.0335 0x2770 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:54:44.0353 0x2770 SiSRaid4 - ok
09:54:44.0450 0x2770 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:54:44.0488 0x2770 SkypeUpdate - ok
09:54:44.0535 0x2770 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:54:44.0595 0x2770 Smb - ok
09:54:44.0623 0x2770 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:54:44.0664 0x2770 SNMPTRAP - ok
09:54:44.0712 0x2770 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
09:54:44.0726 0x2770 spldr - ok
09:54:44.0788 0x2770 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
09:54:44.0835 0x2770 Spooler - ok
09:54:44.0980 0x2770 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
09:54:45.0198 0x2770 sppsvc - ok
09:54:45.0219 0x2770 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:54:45.0258 0x2770 sppuinotify - ok
09:54:45.0349 0x2770 [ EAD5300C93946B0250A309E2BF2BE4CF, 6B9131D94ED31F838B1820EE67F068C4741B69D5C655587C89C9477986BD270F ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:54:45.0370 0x2770 SQLWriter - ok
09:54:45.0416 0x2770 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:54:45.0501 0x2770 srv - ok
09:54:45.0567 0x2770 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:54:45.0614 0x2770 srv2 - ok
09:54:45.0651 0x2770 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:54:45.0716 0x2770 srvnet - ok
09:54:45.0750 0x2770 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:54:45.0813 0x2770 SSDPSRV - ok
09:54:45.0835 0x2770 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:54:45.0892 0x2770 SstpSvc - ok
09:54:45.0920 0x2770 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:54:45.0941 0x2770 stexstor - ok
09:54:45.0988 0x2770 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
09:54:46.0045 0x2770 stisvc - ok
09:54:46.0070 0x2770 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:54:46.0084 0x2770 swenum - ok
09:54:46.0113 0x2770 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
09:54:46.0197 0x2770 swprv - ok
09:54:46.0293 0x2770 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
09:54:46.0418 0x2770 SysMain - ok
09:54:46.0445 0x2770 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:54:46.0505 0x2770 TabletInputService - ok
09:54:46.0547 0x2770 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
09:54:46.0562 0x2770 tap0901 - ok
09:54:46.0581 0x2770 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
09:54:46.0637 0x2770 TapiSrv - ok
09:54:46.0652 0x2770 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
09:54:46.0706 0x2770 TBS - ok
09:54:46.0802 0x2770 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:54:46.0892 0x2770 Tcpip - ok
09:54:46.0963 0x2770 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:54:47.0020 0x2770 TCPIP6 - ok
09:54:47.0069 0x2770 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:54:47.0084 0x2770 tcpipreg - ok
09:54:47.0111 0x2770 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:54:47.0172 0x2770 TDPIPE - ok
09:54:47.0195 0x2770 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:54:47.0223 0x2770 TDTCP - ok
09:54:47.0256 0x2770 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:54:47.0279 0x2770 tdx - ok
09:54:47.0572 0x2770 [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
09:54:47.0832 0x2770 TeamViewer - ok
09:54:47.0875 0x2770 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:54:47.0895 0x2770 TermDD - ok
09:54:47.0955 0x2770 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
09:54:48.0035 0x2770 TermService - ok
09:54:48.0062 0x2770 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
09:54:48.0082 0x2770 Themes - ok
09:54:48.0123 0x2770 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
09:54:48.0160 0x2770 THREADORDER - ok
09:54:48.0177 0x2770 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
09:54:48.0219 0x2770 TrkWks - ok
09:54:48.0278 0x2770 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:54:48.0351 0x2770 TrustedInstaller - ok
09:54:48.0395 0x2770 [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:54:48.0486 0x2770 tssecsrv - ok
09:54:48.0526 0x2770 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:54:48.0570 0x2770 TsUsbFlt - ok
09:54:48.0597 0x2770 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:54:48.0633 0x2770 TsUsbGD - ok
09:54:48.0672 0x2770 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:54:48.0749 0x2770 tunnel - ok
09:54:48.0771 0x2770 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:54:48.0789 0x2770 uagp35 - ok
09:54:48.0813 0x2770 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:54:48.0889 0x2770 udfs - ok
09:54:48.0916 0x2770 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:54:48.0950 0x2770 UI0Detect - ok
09:54:48.0970 0x2770 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:54:48.0985 0x2770 uliagpkx - ok
09:54:48.0991 0x2770 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:54:49.0009 0x2770 umbus - ok
09:54:49.0025 0x2770 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
09:54:49.0042 0x2770 UmPass - ok
09:54:49.0191 0x2770 [ 641572746179865BA2AFD8FE2987541A, 9C3F1AF6874B637B239A02A6ADD40097DB0DDB576ABA45D6B07B642D74E2256A ] UNS C:\Program Files (x86)\Intel\AMT\UNS.exe
09:54:49.0322 0x2770 UNS - detected UnsignedFile.Multi.Generic ( 1 )
09:54:52.0084 0x2770 Detect skipped due to KSN trusted
09:54:52.0084 0x2770 UNS - ok
09:54:52.0247 0x2770 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:54:52.0272 0x2770 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
09:54:54.0718 0x2770 Detect skipped due to KSN trusted
09:54:54.0718 0x2770 USBAAPL64 - ok
09:54:55.0039 0x2770 [ 2773500AFE1BB7944C0F1D46C910B7DD, A842676FFDB84AD99BC4902821CC792B0401B0E39EA6BA53E9C6EA758414D365 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
09:54:55.0065 0x2770 UsbClientService - detected UnsignedFile.Multi.Generic ( 1 )
09:54:57.0488 0x2770 Detect skipped due to KSN trusted
09:54:57.0488 0x2770 UsbClientService - ok
09:54:58.0113 0x2770 ute3otkw - ok
09:55:01.0102 0x2770 wercplsupport - ok
09:55:01.0125 0x2770 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
09:55:01.0182 0x2770 WerSvc - ok
09:55:01.0209 0x2770 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:55:01.0266 0x2770 WfpLwf - ok
09:55:01.0292 0x2770 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:55:01.0307 0x2770 WIMMount - ok
09:55:01.0326 0x2770 WinDefend - ok
09:55:01.0334 0x2770 WinHttpAutoProxySvc - ok
09:55:01.0445 0x2770 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:55:01.0533 0x2770 Winmgmt - ok
09:55:01.0639 0x2770 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
09:55:01.0816 0x2770 WinRM - ok
09:55:01.0873 0x2770 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
09:55:01.0935 0x2770 WinUsb - ok
09:55:02.0151 0x2770 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:55:02.0216 0x2770 Wlansvc - ok
09:55:02.0232 0x2770 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:55:02.0248 0x2770 WmiAcpi - ok
09:55:02.0275 0x2770 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:55:02.0295 0x2770 wmiApSrv - ok
09:55:02.0317 0x2770 WMPNetworkSvc - ok
09:55:02.0355 0x2770 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:55:02.0411 0x2770 WPCSvc - ok
09:55:02.0454 0x2770 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:55:02.0536 0x2770 WPDBusEnum - ok
09:55:02.0560 0x2770 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:55:02.0621 0x2770 ws2ifsl - ok
09:55:02.0653 0x2770 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
09:55:02.0687 0x2770 wscsvc - ok
09:55:02.0692 0x2770 WSearch - ok
09:55:02.0842 0x2770 [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll
09:55:02.0980 0x2770 wuauserv - ok
09:55:03.0025 0x2770 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:55:03.0049 0x2770 WudfPf - ok
09:55:03.0070 0x2770 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
09:55:03.0103 0x2770 WUDFRd - ok
09:55:03.0135 0x2770 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:55:03.0172 0x2770 wudfsvc - ok
09:55:03.0208 0x2770 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
09:55:03.0272 0x2770 WwanSvc - ok
09:55:03.0298 0x2770 ================ Scan global ===============================
09:55:03.0350 0x2770 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
09:55:03.0391 0x2770 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
09:55:03.0414 0x2770 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
09:55:03.0459 0x2770 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:55:03.0497 0x2770 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:55:03.0518 0x2770 [ Global ] - ok
09:55:03.0519 0x2770 ================ Scan MBR ==================================
09:55:03.0531 0x2770 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:55:04.0068 0x2770 \Device\Harddisk0\DR0 - ok
09:55:04.0069 0x2770 ================ Scan VBR ==================================
09:55:04.0072 0x2770 [ 4FD063FFE049F176B4F008E17FC3C1B8 ] \Device\Harddisk0\DR0\Partition1
09:55:04.0074 0x2770 \Device\Harddisk0\DR0\Partition1 - ok
09:55:04.0078 0x2770 [ 83C368C7CA6EAE05E0C8C85D34119E9F ] \Device\Harddisk0\DR0\Partition2
09:55:04.0080 0x2770 \Device\Harddisk0\DR0\Partition2 - ok
09:55:04.0081 0x2770 ================ Scan generic autorun ======================
09:55:04.0122 0x2770 [ 15F5969DD260FA5CE8A99E35AFD83624, 53AE0E35815C8F160DC3505BCC4C4D420DED88F7E32230E2D68096BC64038EA0 ] C:\Program Files (x86)\Intel\AMT\atchk.exe
09:55:04.0156 0x2770 atchk - detected UnsignedFile.Multi.Generic ( 1 )
09:55:06.0916 0x2770 Detect skipped due to KSN trusted
09:55:06.0916 0x2770 atchk - ok
09:55:06.0994 0x2770 [ FE18DDEA98D90DBF850AFCA0158ABEC8, 8EC0099B560CC23DA6D26A71A202667D1A7C4BC37CE0F9F3458EA40440541D06 ] C:\Program Files\Everything\Everything.exe
09:55:07.0063 0x2770 Everything - detected UnsignedFile.Multi.Generic ( 1 )
09:55:09.0484 0x2770 Detect skipped due to KSN trusted
09:55:09.0484 0x2770 Everything - ok
09:55:09.0561 0x2770 [ C7F017C9B163E7DAB864649E8241F683, F007F107FCA0E3A12D7E900101EBF02C2453D4AA56BE18769E86B592C88C5106 ] C:\Program Files\iTunes\iTunesHelper.exe
09:55:09.0576 0x2770 iTunesHelper - ok
09:55:09.0678 0x2770 [ 81AC5268574856C96D83C4519446864A, 96C159A67356EEA3255A2CAF0074396EDF931184EDCA43F5E984E411341C85D1 ] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
09:55:09.0771 0x2770 SoundMAXPnP - ok
09:55:09.0901 0x2770 [ BF457D66FECE21221910346A4D843C49, 522BDDA8870D77D4BF30A2E85C6075CF61D777ABF13340EB506E4FCC9F66FDFE ] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
09:55:09.0983 0x2770 Live! Central 3 - detected UnsignedFile.Multi.Generic ( 1 )
09:55:13.0943 0x2770 Live! Central 3 ( UnsignedFile.Multi.Generic ) - warning
09:55:13.0943 0x2770 Force sending object to P2P due to detect: C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
09:55:16.0965 0x2770 Object send P2P result: true
09:55:23.0173 0x2770 Waiting for KSN requests completion. In queue: 18
09:55:24.0174 0x2770 Waiting for KSN requests completion. In queue: 18
09:55:25.0174 0x2770 Waiting for KSN requests completion. In queue: 18
09:55:26.0391 0x2770 AV detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41000 ( enabled : updated )
09:55:26.0403 0x2770 FW detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41010 ( enabled )
09:55:29.0253 0x2770 ============================================================
09:55:29.0253 0x2770 Scan finished
09:55:29.0253 0x2770 ============================================================
09:55:29.0262 0x26dc Detected object count: 1
09:55:29.0262 0x26dc Actual detected object count: 1
09:57:32.0336 0x26dc Live! Central 3 ( UnsignedFile.Multi.Generic ) - skipped by user
09:57:32.0336 0x26dc Live! Central 3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Attached Files
File Type: txt tdsskiller-report.txt (104.3 KB, 25 views)
Old 01-26-2016, 03:57 AM   #19
tekir06 (Security Team, Analyst)

Hello mavensophie,

As I have said before, your logs are clean. The issue does not seem malware related. You can also ask for help from our forum about your problems.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 01-26-2016, 01:05 PM   #20
mavensophie (Registered Member)

Thank you very much for your help. I appreciate it and I appreciate you.

Sophie