Winmonitor.exe - Computer freezing.


  • This topic is locked
45 replies to this topic

#1 Wenex

Wenex

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 23 March 2014 - 02:24 PM

So I noticed that winmonitor.exe trojan a few days ago. I read about this virus, and now I'm sure it's freezing my computer. The problem is I can't get rid of it. My Avast sometimes tells me that it has found that trojan, but doesn't want to delete it or place it in quarantine.

 

YouTube videos are freezing. The entire system is freezing. When I cancel this process, "Winmonitor.exe", in Task Manager, it gets better for a moment. Then that trojan comes back after a few hours...

Please help me!

 

Logs from dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 11.0.2
Run by PC at 19:56:26 on 2014-03-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3328.1651 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Users\PC\AppData\Local\Temp\ToolbarUpdater.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Winamp\winamp.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera_crashreporter.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Wise PC Doctor\WisePcDoctor.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Program Files\Opera\18.0.1284.68\opera.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=086800FF522FE74B
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre8\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre8\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [GG] "c:\users\pc\appdata\local\gg\application\gghub.exe"
uRun: [xwidget] c:\program files\xwidget\xwidget.exe
uRun: [Desura] c:\program files\desura\desura.exe -autostart
uRun: [DriverMax] <no file>
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &P&obierz &za pomocą BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0640903B-1FFE-4EA1-8F31-FBE9B65EE89F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F219A11A-DAD8-448B-8894-3910EED25B53} : DHCPNameServer = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\ma2yh3os.default\
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\pc\appdata\roaming\mozilla\firefox\profiles\ma2yh3os.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=086834810000000000000014858ef016&q=
FF - user.js: extensions.BabylonToolbar.id - 086834810000000000000014858ef016
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15736
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.22:15:34
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109718
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 0868348100000000000000ff522fe74b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15814
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1623:32:58
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-14 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-14 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-30 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-30 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-19 242240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-9-29 41160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-30 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-14 46808]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2014-3-6 113424]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2014-3-6 385808]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe [2013-9-17 878888]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-9-17 556840]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-12-22 14652704]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TolbarUpdater;Toolbar Updater;c:\users\pc\appdata\local\temp\ToolbarUpdater.exe [2012-8-2 508416]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-3-8 34432]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-22 33568]
R3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfswin7.sys [2013-6-26 584872]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaywin7.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirwin7.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolwin7.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2013-2-18 27136]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-9-17 37064]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2014-3-6 402192]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\bluestacks\HD-UpdaterService.exe [2014-3-6 770832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2013-2-18 745368]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-30 1343400]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
ShellExec: SC2Editor.exe: open="F:/hs/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="F:/hs/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-23 18:48:43 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b15bc492-a17a-42cc-8998-675cf62e2d74}\offreg.dll
2014-03-23 18:39:28 -------- d-----w- c:\program files\Wise PC Doctor
2014-03-21 13:27:56 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b15bc492-a17a-42cc-8998-675cf62e2d74}\mpengine.dll
2014-03-16 23:54:00 -------- d-----w- c:\users\pc\appdata\local\Bizarre Creations
2014-03-16 21:30:35 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-16 04:32:26 -------- d-----w- c:\users\pc\appdata\roaming\RotMG.Production
2014-03-16 04:12:55 -------- d-----w- c:\program files\Steam
2014-03-13 15:20:58 469504 ----a-w- c:\program files\internet explorer\ieinstal.exe
2014-03-13 15:20:19 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 15:20:15 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 15:20:13 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:20:11 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 01:10:27 -------- d-----w- c:\programdata\BlueStacks
2014-03-13 01:10:27 -------- d-----w- c:\program files\BlueStacks
2014-03-13 01:09:23 -------- d-----w- c:\programdata\BlueStacksSetup
2014-03-13 01:09:17 -------- d-----w- c:\users\pc\appdata\local\Bluestacks
2014-03-13 00:50:36 -------- d-----w- c:\users\pc\appdata\local\Smellyriver
2014-03-08 01:10:36 -------- d-----w- c:\users\pc\appdata\roaming\Fallout2
2014-03-02 04:24:48 -------- d-----w- c:\users\pc\appdata\roaming\Rovio
2014-02-27 01:44:58 -------- d-----w- c:\users\pc\appdata\roaming\UDP Software
2014-02-25 02:02:46 -------- d-----w- c:\windows\Migration
.
==================== Find3M  ====================
.
2014-03-12 19:38:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:38:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-11 19:23:13 166400 ----a-w- c:\windows\system32\winmonitor.exe
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-26 15:31:12 17864381 ----a-w- c:\windows\system32\libs.exe
2014-01-25 00:34:52 967 ----a-w- c:\windows\ScUnin.pif
2014-01-25 00:34:51 94208 ----a-w- c:\windows\ScUnin.exe
2014-01-07 11:06:59 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-07 11:06:41 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-01-07 11:06:41 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-07 11:05:50 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-01-07 11:02:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-07 10:51:48 22328 ----a-w- c:\users\pc\appdata\roaming\PnkBstrK.sys
2014-01-07 10:51:01 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-30 13:35:27 1093632 ----a-w- c:\program files\BESTplayer.exe
.
============= FINISH: 19:58:34,56 ===============
 
Attach.txt is in the attached files.
I know that this winmonitor.exe is a trojan. Can you help me, please?



Edited by Wenex, 23 March 2014 - 02:40 PM.
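The DDS sections above (Running Processes, SERVICES / DRIVERS, Find3M) are what the responders read. As an added example that is not part of this thread or of the DDS tool, the Python below parses an excerpt of that log and pulls out the items a responder would verify first: processes and services whose image runs from a Temp directory, and recently written executables under system32. The section names, the regular expressions and the cut-off date are my assumptions about the log format; a hit is a candidate for hash and signature checking, not a verdict.

```python
import re

# Constructed excerpt: a handful of lines copied from the DDS log posted in this
# thread, trimmed to the three sections the triage below looks at.
SAMPLE_DDS = r"""
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Users\PC\AppData\Local\Temp\ToolbarUpdater.exe
C:\Windows\system32\svchost.exe -k netsvcs
.
============= SERVICES / DRIVERS ===============
.
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-14 46808]
R2 TolbarUpdater;Toolbar Updater;c:\users\pc\appdata\local\temp\ToolbarUpdater.exe [2012-8-2 508416]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
.
==================== Find3M  ====================
.
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-11 19:23:13 166400 ----a-w- c:\windows\system32\winmonitor.exe
2014-01-26 15:31:12 17864381 ----a-w- c:\windows\system32\libs.exe
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
.
============= FINISH: 19:58:34,56 ===============
"""

# Assumed layout of a DDS section header: a run of '=' on each side of the title.
HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# Assumed service line layout: "<R|S><n> name;display name;image path [date size]".
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[")
# Assumed Find3M line layout: "date time size attributes path".
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)


def _in_temp(path):
    """True when a path points into a per-user or system temp directory."""
    p = path.lower().replace("/", "\\")
    return "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p


def split_sections(text):
    """Group the non-empty lines of a DDS log under their section titles."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads sections with lone dots
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def temp_processes(sections):
    """Running processes whose image lives in a temp directory."""
    return [line for line in sections.get("Running Processes", []) if _in_temp(line)]


def temp_services(sections):
    """Names of services/drivers whose image path is in a temp directory."""
    hits = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and _in_temp(m.group("path")):
            hits.append(m.group("name"))
    return hits


def recent_system32_exes(sections, since):
    """Executables under \\windows\\system32 written on or after `since` (ISO date)."""
    hits = []
    for line in sections.get("Find3M", []):
        m = FIND3M_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        low = path.lower().replace("/", "\\")
        if m.group("date") >= since and low.endswith(".exe") and "\\windows\\system32\\" in low:
            hits.append(path)
    return hits


def triage(text, since="2014-01-01"):
    """Run the three checks over a DDS log and return the candidates per check."""
    sections = split_sections(text)
    return {
        "temp_processes": temp_processes(sections),
        "temp_services": temp_services(sections),
        "recent_system32_exes": recent_system32_exes(sections, since),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_DDS).items():
        print(check)
        for item in items:
            print("   ", item)
```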



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:16 PM

Posted 23 March 2014 - 03:54 PM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 23 March 2014 - 04:13 PM

22:11:11.0171 0x1174  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
22:11:19.0652 0x1174  ============================================================
22:11:19.0652 0x1174  Current date / time: 2014/03/23 22:11:19.0652
22:11:19.0652 0x1174  SystemInfo:
22:11:19.0652 0x1174  
22:11:19.0653 0x1174  OS Version: 6.1.7601 ServicePack: 1.0
22:11:19.0653 0x1174  Product type: Workstation
22:11:19.0653 0x1174  ComputerName: PC-KOMPUTER
22:11:19.0654 0x1174  UserName: PC
22:11:19.0654 0x1174  Windows directory: C:\Windows
22:11:19.0654 0x1174  System windows directory: C:\Windows
22:11:19.0654 0x1174  Processor architecture: Intel x86
22:11:19.0654 0x1174  Number of processors: 1
22:11:19.0654 0x1174  Page size: 0x1000
22:11:19.0654 0x1174  Boot type: Normal boot
22:11:19.0654 0x1174  ============================================================
22:11:22.0168 0x1174  KLMD registered as C:\Windows\system32\drivers\21033637.sys
22:11:22.0723 0x1174  System UUID: {4182325C-CBB4-B85E-E0EB-A63192DC4466}
22:11:24.0335 0x1174  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:11:27.0408 0x1174  Drive \Device\Harddisk1\DR1 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:11:27.0417 0x1174  ============================================================
22:11:27.0417 0x1174  \Device\Harddisk0\DR0:
22:11:27.0433 0x1174  MBR partitions:
22:11:27.0433 0x1174  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:11:27.0433 0x1174  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31C800
22:11:27.0434 0x1174  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x10E752B5
22:11:27.0434 0x1174  \Device\Harddisk1\DR1:
22:11:27.0434 0x1174  MBR partitions:
22:11:27.0434 0x1174  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
22:11:27.0450 0x1174  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5001525, BlocksNum 0x45090DB
22:11:27.0450 0x1174  ============================================================
22:11:27.0479 0x1174  C: <-> \Device\Harddisk0\DR0\Partition2
22:11:27.0508 0x1174  D: <-> \Device\Harddisk1\DR1\Partition1
22:11:27.0541 0x1174  E: <-> \Device\Harddisk1\DR1\Partition2
22:11:27.0578 0x1174  F: <-> \Device\Harddisk0\DR0\Partition3
22:11:27.0578 0x1174  ============================================================
22:11:27.0578 0x1174  Initialize success
22:11:27.0578 0x1174  ============================================================
22:11:37.0969 0x0d84  ============================================================
22:11:37.0969 0x0d84  Scan started
22:11:37.0969 0x0d84  Mode: Manual; 
22:11:37.0969 0x0d84  ============================================================
22:11:37.0969 0x0d84  KSN ping started
22:11:51.0966 0x0d84  KSN ping finished: true
22:11:54.0161 0x0d84  ================ Scan system memory ========================
22:11:54.0161 0x0d84  System memory - ok
22:11:54.0162 0x0d84  ================ Scan services =============================
22:11:54.0367 0x0d84  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:11:54.0383 0x0d84  1394ohci - ok
22:11:54.0499 0x0d84  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:11:54.0514 0x0d84  ACPI - ok
22:11:54.0543 0x0d84  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:11:54.0547 0x0d84  AcpiPmi - ok
22:11:54.0629 0x0d84  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:11:54.0636 0x0d84  AdobeARMservice - ok
22:11:54.0718 0x0d84  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:11:54.0731 0x0d84  AdobeFlashPlayerUpdateSvc - ok
22:11:54.0818 0x0d84  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:11:54.0845 0x0d84  adp94xx - ok
22:11:54.0887 0x0d84  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:11:54.0903 0x0d84  adpahci - ok
22:11:54.0934 0x0d84  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:11:54.0944 0x0d84  adpu320 - ok
22:11:55.0047 0x0d84  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:11:55.0051 0x0d84  AeLookupSvc - ok
22:11:55.0112 0x0d84  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
22:11:55.0125 0x0d84  AFD - ok
22:11:55.0163 0x0d84  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:11:55.0167 0x0d84  agp440 - ok
22:11:55.0199 0x0d84  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:11:55.0205 0x0d84  aic78xx - ok
22:11:55.0236 0x0d84  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
22:11:55.0241 0x0d84  ALG - ok
22:11:55.0286 0x0d84  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:11:55.0290 0x0d84  aliide - ok
22:11:55.0313 0x0d84  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:11:55.0318 0x0d84  amdagp - ok
22:11:55.0365 0x0d84  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:11:55.0369 0x0d84  amdide - ok
22:11:55.0392 0x0d84  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:11:55.0399 0x0d84  AmdK8 - ok
22:11:55.0425 0x0d84  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:11:55.0434 0x0d84  AmdPPM - ok
22:11:55.0466 0x0d84  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:11:55.0472 0x0d84  amdsata - ok
22:11:55.0516 0x0d84  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:11:55.0534 0x0d84  amdsbs - ok
22:11:55.0555 0x0d84  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:11:55.0558 0x0d84  amdxata - ok
22:11:55.0585 0x0d84  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
22:11:55.0590 0x0d84  AppID - ok
22:11:55.0631 0x0d84  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:11:55.0635 0x0d84  AppIDSvc - ok
22:11:55.0694 0x0d84  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
22:11:55.0699 0x0d84  Appinfo - ok
22:11:55.0724 0x0d84  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
22:11:55.0731 0x0d84  arc - ok
22:11:55.0753 0x0d84  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:11:55.0759 0x0d84  arcsas - ok
22:11:55.0876 0x0d84  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:11:55.0881 0x0d84  aspnet_state - ok
22:11:55.0916 0x0d84  [ 4AF5F360BA1E8794D32B366E45A64A0A, 6AF5410168E06A6895237183AA9769576031FAF412ABFC46572A013432BE1F86 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
22:11:55.0932 0x0d84  aswFsBlk - ok
22:11:55.0956 0x0d84  [ 1F7094D4268D46F718C51286DC189791, 4820C1417876C45EBC1C33C66265AC16A6A016599256DDBA45D4D6E147DDE8A0 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
22:11:55.0960 0x0d84  aswMonFlt - ok
22:11:55.0984 0x0d84  [ FFE9A993B3EC2908FECB1DF2C39148BB, DD04D2DE54E9630CDE929E0513D3EE7C3D8EFFC40D559C8D63287A34C9E5C00A ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
22:11:55.0989 0x0d84  aswRdr - ok
22:11:56.0050 0x0d84  [ B680134BA1813B78B47FDD1DFF223CA5, 51B749766B8D1E75F8D652A9BDB8839A95A2637B05E1B2BFF4FF8B0E77A02D50 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
22:11:56.0054 0x0d84  aswRvrt - ok
22:11:56.0112 0x0d84  [ CCD565A8A72AF7D45F9A242013870926, 7E5A0EA32C5BAEA25C093A270CFEEE21E57272BC79221BDA58DDBF1CD9E9868C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
22:11:56.0142 0x0d84  aswSnx - ok
22:11:56.0188 0x0d84  [ 937300BC7C4CDF7576BCCE44E19BBB9D, 2275DE904940042421D8A33ACC8C0E1C7FAED7E59FA4658938FB8DBE6D624634 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
22:11:56.0213 0x0d84  aswSP - ok
22:11:56.0245 0x0d84  [ 1F71F170D90E42EFDE9633D81D5E12DC, 62053E412F8269B4E906E482B905CADCFEA0D3296B525C1141944D5EA9B227A8 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
22:11:56.0251 0x0d84  aswTdi - ok
22:11:56.0297 0x0d84  [ 8CFAA2B965773A653F48F1207A9CB9C4, A4A58FAF10BB174A0400F3A25912A497300E5EEDF54B93B44FA67CA191047D06 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
22:11:56.0313 0x0d84  aswVmm - ok
22:11:56.0344 0x0d84  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:11:56.0349 0x0d84  AsyncMac - ok
22:11:56.0391 0x0d84  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:11:56.0393 0x0d84  atapi - ok
22:11:56.0474 0x0d84  [ 547F07839F71A4357A5E503646CAC2B0, 05FF433B76D5DB40C073F84565D037436DA94B85ABFF1FC84F1468F6EB19C03D ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:11:56.0479 0x0d84  atksgt - ok
22:11:56.0540 0x0d84  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:11:56.0566 0x0d84  AudioEndpointBuilder - ok
22:11:56.0608 0x0d84  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:11:56.0624 0x0d84  Audiosrv - ok
22:11:56.0673 0x0d84  [ 28D6701C710AD7BA3CB95E75F8F1A9AA, 66EE8BC56E5043B5A84E1BA37D591EAD132BD949F03CA8092FDCC3E196AB39D0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:11:56.0678 0x0d84  avast! Antivirus - ok
22:11:56.0716 0x0d84  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:11:56.0722 0x0d84  AxInstSV - ok
22:11:56.0805 0x0d84  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
22:11:56.0830 0x0d84  b06bdrv - ok
22:11:56.0881 0x0d84  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:11:56.0899 0x0d84  b57nd60x - ok
22:11:56.0946 0x0d84  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
22:11:56.0954 0x0d84  BDESVC - ok
22:11:56.0982 0x0d84  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:11:56.0986 0x0d84  Beep - ok
22:11:57.0037 0x0d84  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
22:11:57.0103 0x0d84  BFE - ok
22:11:57.0156 0x0d84  BITCOMET_HELPER_SERVICE - ok
22:11:57.0220 0x0d84  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
22:11:57.0255 0x0d84  BITS - ok
22:11:57.0296 0x0d84  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:11:57.0309 0x0d84  blbdrive - ok
22:11:57.0347 0x0d84  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:11:57.0354 0x0d84  bowser - ok
22:11:57.0384 0x0d84  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:11:57.0388 0x0d84  BrFiltLo - ok
22:11:57.0414 0x0d84  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:11:57.0425 0x0d84  BrFiltUp - ok
22:11:57.0464 0x0d84  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
22:11:57.0472 0x0d84  Browser - ok
22:11:57.0532 0x0d84  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:11:57.0547 0x0d84  Brserid - ok
22:11:57.0587 0x0d84  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:11:57.0592 0x0d84  BrSerWdm - ok
22:11:57.0618 0x0d84  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:11:57.0621 0x0d84  BrUsbMdm - ok
22:11:57.0643 0x0d84  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:11:57.0646 0x0d84  BrUsbSer - ok
22:11:57.0762 0x0d84  [ 8779C3C1A4BF6526F8655D07B736E60B, 02F6A33355C348A49EA7CE84B644CB7CA7A201FC4D7B371EEE3CDAD5CB3AD5B2 ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
22:11:57.0782 0x0d84  BstHdAndroidSvc - ok
22:11:57.0861 0x0d84  [ 542F7EF024C68DC21715B4D8F1BF3B98, 420D685E02FCDF0E476326EB06B3927E83D9417B46AB5827A6DCFB6EB76D7B4F ] BstHdDrv        C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
22:11:57.0868 0x0d84  BstHdDrv - ok
22:11:57.0958 0x0d84  [ D4D0C20A704E7F2461972D4B09C99B2F, F80BBCB9604CF1956DBE8F200EB96603E9573D55C4FB31B42DAD877852E93CEF ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
22:11:57.0974 0x0d84  BstHdLogRotatorSvc - ok
22:11:58.0053 0x0d84  [ 253D86E6CEEFB5828C3DFF14D855E6C6, AFB750345809D1E0EBDC7BC24B05B0A08F0F576586CB2AF0E58C7DA7195FA45B ] BstHdUpdaterSvc C:\Program Files\BlueStacks\HD-UpdaterService.exe
22:11:58.0093 0x0d84  BstHdUpdaterSvc - ok
22:11:58.0126 0x0d84  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:11:58.0131 0x0d84  BTHMODEM - ok
22:11:58.0179 0x0d84  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
22:11:58.0186 0x0d84  bthserv - ok
22:11:58.0213 0x0d84  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:11:58.0220 0x0d84  cdfs - ok
22:11:58.0296 0x0d84  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:11:58.0304 0x0d84  cdrom - ok
22:11:58.0349 0x0d84  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:11:58.0356 0x0d84  CertPropSvc - ok
22:11:58.0385 0x0d84  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:11:58.0390 0x0d84  circlass - ok
22:11:58.0431 0x0d84  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
22:11:58.0444 0x0d84  CLFS - ok
22:11:58.0513 0x0d84  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:11:58.0519 0x0d84  clr_optimization_v2.0.50727_32 - ok
22:11:58.0601 0x0d84  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:58.0608 0x0d84  clr_optimization_v4.0.30319_32 - ok
22:11:58.0652 0x0d84  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:11:58.0656 0x0d84  CmBatt - ok
22:11:58.0693 0x0d84  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:11:58.0696 0x0d84  cmdide - ok
22:11:58.0757 0x0d84  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
22:11:58.0783 0x0d84  CNG - ok
22:11:58.0819 0x0d84  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:11:58.0824 0x0d84  Compbatt - ok
22:11:58.0854 0x0d84  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:11:58.0858 0x0d84  CompositeBus - ok
22:11:58.0879 0x0d84  COMSysApp - ok
22:11:58.0912 0x0d84  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:11:58.0916 0x0d84  crcdisk - ok
22:11:58.0995 0x0d84  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:11:59.0020 0x0d84  CryptSvc - ok
22:11:59.0207 0x0d84  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:11:59.0243 0x0d84  cvhsvc - ok
22:11:59.0313 0x0d84  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:11:59.0340 0x0d84  DcomLaunch - ok
22:11:59.0392 0x0d84  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
22:11:59.0408 0x0d84  defragsvc - ok
22:11:59.0440 0x0d84  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:11:59.0454 0x0d84  DfsC - ok
22:11:59.0493 0x0d84  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:11:59.0507 0x0d84  Dhcp - ok
22:11:59.0530 0x0d84  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
22:11:59.0534 0x0d84  discache - ok
22:11:59.0573 0x0d84  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
22:11:59.0577 0x0d84  Disk - ok
22:11:59.0612 0x0d84  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:11:59.0623 0x0d84  Dnscache - ok
22:11:59.0667 0x0d84  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:11:59.0681 0x0d84  dot3svc - ok
22:11:59.0722 0x0d84  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
22:11:59.0735 0x0d84  DPS - ok
22:11:59.0790 0x0d84  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:11:59.0792 0x0d84  drmkaud - ok
22:11:59.0839 0x0d84  [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:11:59.0872 0x0d84  dtsoftbus01 - ok
22:11:59.0955 0x0d84  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:11:59.0997 0x0d84  DXGKrnl - ok
22:12:00.0019 0x0d84  EagleXNt - ok
22:12:00.0059 0x0d84  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
22:12:00.0067 0x0d84  EapHost - ok
22:12:00.0234 0x0d84  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
22:12:00.0378 0x0d84  ebdrv - ok
22:12:00.0438 0x0d84  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] EFS             C:\Windows\System32\lsass.exe
22:12:00.0572 0x0d84  EFS - ok
22:12:00.0648 0x0d84  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:12:00.0669 0x0d84  ehRecvr - ok
22:12:00.0698 0x0d84  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
22:12:00.0704 0x0d84  ehSched - ok
22:12:00.0761 0x0d84  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:12:00.0788 0x0d84  elxstor - ok
22:12:00.0817 0x0d84  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:12:00.0820 0x0d84  ErrDev - ok
22:12:00.0919 0x0d84  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
22:12:00.0945 0x0d84  EventSystem - ok
22:12:00.0995 0x0d84  [ 76984D46B2ABAA46F8B3FCEF82C9217D, F9DE3AADF3B3F9AC2485064D5601BE2693319C434D7406BE02BC7F80F8096A7A ] EverestDriver   C:\Program Files\EVEREST Home Edition\kerneld.wnt
22:12:00.0997 0x0d84  EverestDriver - ok
22:12:01.0034 0x0d84  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:12:01.0050 0x0d84  exfat - ok
22:12:01.0079 0x0d84  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:12:01.0087 0x0d84  fastfat - ok
22:12:01.0142 0x0d84  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
22:12:01.0175 0x0d84  Fax - ok
22:12:01.0225 0x0d84  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:12:01.0229 0x0d84  fdc - ok
22:12:01.0261 0x0d84  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
22:12:01.0267 0x0d84  fdPHost - ok
22:12:01.0297 0x0d84  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:12:01.0311 0x0d84  FDResPub - ok
22:12:01.0339 0x0d84  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:12:01.0347 0x0d84  FileInfo - ok
22:12:01.0377 0x0d84  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:12:01.0384 0x0d84  Filetrace - ok
22:12:01.0413 0x0d84  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:12:01.0416 0x0d84  flpydisk - ok
22:12:01.0451 0x0d84  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:12:01.0468 0x0d84  FltMgr - ok
22:12:01.0549 0x0d84  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
22:12:01.0627 0x0d84  FontCache - ok
22:12:01.0688 0x0d84  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:12:01.0697 0x0d84  FontCache3.0.0.0 - ok
22:12:01.0730 0x0d84  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:12:01.0734 0x0d84  FsDepends - ok
22:12:01.0776 0x0d84  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:12:01.0784 0x0d84  Fs_Rec - ok
22:12:01.0848 0x0d84  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:12:01.0865 0x0d84  fvevol - ok
22:12:01.0929 0x0d84  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:12:01.0941 0x0d84  gagp30kx - ok
22:12:02.0204 0x0d84  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:12:02.0272 0x0d84  gpsvc - ok
22:12:02.0348 0x0d84  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:12:02.0355 0x0d84  gupdate - ok
22:12:02.0381 0x0d84  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:12:02.0386 0x0d84  gupdatem - ok
22:12:02.0416 0x0d84  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:12:02.0419 0x0d84  hcw85cir - ok
22:12:02.0463 0x0d84  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:12:02.0480 0x0d84  HdAudAddService - ok
22:12:02.0513 0x0d84  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:12:02.0520 0x0d84  HDAudBus - ok
22:12:02.0548 0x0d84  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:12:02.0551 0x0d84  HidBatt - ok
22:12:02.0599 0x0d84  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:12:02.0612 0x0d84  HidBth - ok
22:12:02.0646 0x0d84  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:12:02.0652 0x0d84  HidIr - ok
22:12:02.0693 0x0d84  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
22:12:02.0708 0x0d84  hidserv - ok
22:12:02.0755 0x0d84  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:12:02.0758 0x0d84  HidUsb - ok
22:12:02.0796 0x0d84  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:12:02.0813 0x0d84  hkmsvc - ok
22:12:02.0848 0x0d84  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:12:02.0869 0x0d84  HomeGroupListener - ok
22:12:02.0914 0x0d84  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:12:02.0938 0x0d84  HomeGroupProvider - ok
22:12:03.0021 0x0d84  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:12:03.0027 0x0d84  HpSAMD - ok
22:12:03.0148 0x0d84  [ 44A86ACCA8530CC6002F83F701BA7484, 50B9E3C9A7D3F99AC621989707D5F75FBFBCB643D469E9A183F436C53F971652 ] hshld           C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
22:12:03.0190 0x0d84  hshld - ok
22:12:03.0246 0x0d84  [ 514C22A94AF4EC5A15D030640D5CE115, E852D58A7ADFD493C03195DD3F957D045DC4C3FB120C0DCD9DBA8C1CC9DFCC20 ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
22:12:03.0250 0x0d84  HssDRV6 - ok
22:12:03.0313 0x0d84  [ 8EA9CE2B1AC604A8995834E9B8F1E0DD, 0B9542A202D7802889B21D91339646C08692E1062A17201B21FAA084F59B1E60 ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
22:12:03.0319 0x0d84  HssTrayService - ok
22:12:03.0368 0x0d84  [ 67A2B219D8D91C1BC66A6A5EF507CE6C, 0FEB240B23B5E24D895344CD610D9859B35B807B541988579A553691D26B65C4 ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
22:12:03.0400 0x0d84  HssWd - ok
22:12:03.0452 0x0d84  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:12:03.0479 0x0d84  HTTP - ok
22:12:03.0509 0x0d84  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:12:03.0511 0x0d84  hwpolicy - ok
22:12:03.0549 0x0d84  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:12:03.0554 0x0d84  i8042prt - ok
22:12:03.0607 0x0d84  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:12:03.0633 0x0d84  iaStorV - ok
22:12:03.0718 0x0d84  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:12:03.0758 0x0d84  idsvc - ok
22:12:03.0803 0x0d84  IEEtwCollectorService - ok
22:12:03.0841 0x0d84  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:12:03.0848 0x0d84  iirsp - ok
22:12:03.0922 0x0d84  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:12:03.0970 0x0d84  IKEEXT - ok
22:12:04.0208 0x0d84  [ F586FEBDECF0F3AA9BC89772BD4C3F3D, E630DEF7253C547487929DFD775C2E00C54FA415DE822F1D00A3BA5B3A4ABC8C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:12:04.0364 0x0d84  IntcAzAudAddService - ok
22:12:04.0442 0x0d84  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:12:04.0447 0x0d84  intelide - ok
22:12:04.0487 0x0d84  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:12:04.0492 0x0d84  intelppm - ok
22:12:04.0552 0x0d84  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:12:04.0572 0x0d84  IPBusEnum - ok
22:12:04.0601 0x0d84  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:12:04.0607 0x0d84  IpFilterDriver - ok
22:12:04.0664 0x0d84  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:12:04.0702 0x0d84  iphlpsvc - ok
22:12:04.0739 0x0d84  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:12:04.0746 0x0d84  IPMIDRV - ok
22:12:04.0777 0x0d84  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:12:04.0786 0x0d84  IPNAT - ok
22:12:04.0813 0x0d84  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:12:04.0819 0x0d84  IRENUM - ok
22:12:04.0850 0x0d84  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:12:04.0857 0x0d84  isapnp - ok
22:12:04.0892 0x0d84  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:12:04.0907 0x0d84  iScsiPrt - ok
22:12:04.0937 0x0d84  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:12:04.0942 0x0d84  kbdclass - ok
22:12:04.0969 0x0d84  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:12:04.0973 0x0d84  kbdhid - ok
22:12:05.0002 0x0d84  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] KeyIso          C:\Windows\system32\lsass.exe
22:12:05.0011 0x0d84  KeyIso - ok
22:12:05.0062 0x0d84  [ F286830298323272260332D6ABC905C1, FF4CD182A95CA53119B228690D682EE9214BE131A0DBCB09B6189FBEBBFF902C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:12:05.0070 0x0d84  KSecDD - ok
22:12:05.0115 0x0d84  [ D7C760D57B1656DD748B9E4AB6CB5A51, F8AE4185A6A9F7005DEFF1FDC03F395C6189825B482B8C650637FD29DE93AB68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:12:05.0128 0x0d84  KSecPkg - ok
22:12:05.0181 0x0d84  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:12:05.0208 0x0d84  KtmRm - ok
22:12:05.0255 0x0d84  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:12:05.0272 0x0d84  LanmanServer - ok
22:12:05.0308 0x0d84  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:12:05.0324 0x0d84  LanmanWorkstation - ok
22:12:19.0552 0x0d84  SstpSvc - ok
22:12:19.0612 0x0d84  [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
22:12:19.0653 0x0d84  Steam Client Service - ok
22:12:19.0718 0x0d84  [ 49D9C17FDDFAC66F27FA735E94923216, 18C8FE5B794927989CDD3BB7A5500C73CCC23559470EEB37D42FD9AD04098C0D ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:12:19.0782 0x0d84  Stereo Service - ok
22:12:19.0835 0x0d84  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:12:19.0839 0x0d84  stexstor - ok
22:12:19.0904 0x0d84  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:12:19.0909 0x0d84  StillCam - ok
22:12:19.0973 0x0d84  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:12:20.0007 0x0d84  StiSvc - ok
22:12:20.0046 0x0d84  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:12:20.0059 0x0d84  swenum - ok
22:12:20.0234 0x0d84  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:12:20.0288 0x0d84  SwitchBoard - ok
22:12:20.0348 0x0d84  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
22:12:20.0374 0x0d84  swprv - ok
22:12:20.0455 0x0d84  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
22:12:20.0542 0x0d84  SysMain - ok
22:12:20.0588 0x0d84  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
22:12:20.0612 0x0d84  TabletInputService - ok
22:12:20.0654 0x0d84  [ B7AEE68D2E867CBF69B649B18FCEDBBB, 82814EEDBD2908DC2D6A2162C647FB323F95EA7D9EA49265DB44CA72468753A0 ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
22:12:20.0658 0x0d84  tap0901t - ok
22:12:20.0708 0x0d84  [ 1C852573ACB98DA4C6679CE11361D242, 6016A1A531349A16A9259AA95C3B79BDDE03B3AD481B25C263D670A81DD6A7EF ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
22:12:20.0712 0x0d84  taphss6 - ok
22:12:20.0747 0x0d84  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:12:20.0830 0x0d84  TapiSrv - ok
22:12:20.0864 0x0d84  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
22:12:20.0880 0x0d84  TBS - ok
22:12:21.0039 0x0d84  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:12:21.0137 0x0d84  Tcpip - ok
22:12:21.0246 0x0d84  [ CA59F7C570AF70BC174F477CFE2D9EE3, F09E4E14207A2AC6957D2C0AC8707D0E356A9087FA6DC703373242D8EEB026BD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:12:21.0312 0x0d84  TCPIP6 - ok
22:12:21.0386 0x0d84  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:12:21.0391 0x0d84  tcpipreg - ok
22:12:21.0443 0x0d84  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:12:21.0447 0x0d84  TDPIPE - ok
22:12:21.0496 0x0d84  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:12:21.0500 0x0d84  TDTCP - ok
22:12:21.0532 0x0d84  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:12:21.0549 0x0d84  tdx - ok
22:12:21.0583 0x0d84  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:12:21.0591 0x0d84  TermDD - ok
22:12:21.0663 0x0d84  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
22:12:21.0712 0x0d84  TermService - ok
22:12:21.0742 0x0d84  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
22:12:21.0758 0x0d84  Themes - ok
22:12:21.0788 0x0d84  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:12:21.0806 0x0d84  THREADORDER - ok
22:12:22.0073 0x0d84  [ 0C7C9113437BD67DD77874FAFFF5A184, C5D739B6F8D446A4E722240FDF2F013794AAD30C2ADB8303EFD14881929CE6DD ] TolbarUpdater   C:\Users\PC\AppData\Local\Temp\ToolbarUpdater.exe
22:12:22.0168 0x0d84  TolbarUpdater - ok
22:12:22.0218 0x0d84  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
22:12:22.0236 0x0d84  TrkWks - ok
22:12:22.0332 0x0d84  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:12:22.0351 0x0d84  TrustedInstaller - ok
22:12:22.0412 0x0d84  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:12:22.0422 0x0d84  tssecsrv - ok
22:12:22.0462 0x0d84  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:12:22.0467 0x0d84  TsUsbFlt - ok
22:12:22.0495 0x0d84  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:12:22.0499 0x0d84  TsUsbGD - ok
22:12:22.0532 0x0d84  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:12:22.0540 0x0d84  tunnel - ok
22:12:22.0624 0x0d84  [ 2FD0FE0A0C721C8E47C5A3AE16E519B1, C0DE61AF32F01CF9BDA3E325F5F15D249C0FA4BB5FF720ED1916214907B4AF55 ] TunngleService  C:\Program Files\Tunngle\TnglCtrl.exe
22:12:22.0662 0x0d84  TunngleService - ok
22:12:22.0722 0x0d84  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:12:22.0728 0x0d84  uagp35 - ok
22:12:22.0773 0x0d84  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:12:22.0790 0x0d84  udfs - ok
22:12:22.0851 0x0d84  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:12:22.0866 0x0d84  UI0Detect - ok
22:12:22.0904 0x0d84  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:12:22.0914 0x0d84  uliagpkx - ok
22:12:22.0943 0x0d84  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:12:22.0948 0x0d84  umbus - ok
22:12:22.0981 0x0d84  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:12:22.0985 0x0d84  UmPass - ok
22:12:23.0032 0x0d84  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
22:12:23.0060 0x0d84  upnphost - ok
22:12:23.0109 0x0d84  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
22:12:23.0116 0x0d84  usbccgp - ok
22:12:23.0333 0x0d84  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:12:23.0340 0x0d84  usbcir - ok
22:12:23.0375 0x0d84  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:12:23.0381 0x0d84  usbehci - ok
22:12:23.0424 0x0d84  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:12:23.0437 0x0d84  usbhub - ok
22:12:23.0480 0x0d84  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:12:23.0510 0x0d84  usbohci - ok
22:12:23.0553 0x0d84  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:12:23.0559 0x0d84  usbprint - ok
22:12:23.0609 0x0d84  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:12:23.0632 0x0d84  USBSTOR - ok
22:12:23.0665 0x0d84  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:12:23.0668 0x0d84  usbuhci - ok
22:12:23.0722 0x0d84  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
22:12:23.0739 0x0d84  UxSms - ok
22:12:23.0769 0x0d84  [ 803B370865D907EA21DC0C2B6A8936B5, E98F0BA1D94786E061A3EA2CC76041FF6BE0ADF47C6205D5572C03BF0E29CA78 ] VaultSvc        C:\Windows\system32\lsass.exe
22:12:23.0786 0x0d84  VaultSvc - ok
22:12:23.0809 0x0d84  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:12:23.0815 0x0d84  vdrvroot - ok
22:12:23.0864 0x0d84  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
22:12:23.0897 0x0d84  vds - ok
22:12:23.0931 0x0d84  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:12:23.0936 0x0d84  vga - ok
22:12:23.0988 0x0d84  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:12:23.0997 0x0d84  VgaSave - ok
22:12:24.0037 0x0d84  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:12:24.0046 0x0d84  vhdmp - ok
22:12:24.0085 0x0d84  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:12:24.0093 0x0d84  viaagp - ok
22:12:24.0134 0x0d84  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:12:24.0144 0x0d84  ViaC7 - ok
22:12:24.0196 0x0d84  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:12:24.0200 0x0d84  viaide - ok
22:12:24.0237 0x0d84  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:12:24.0244 0x0d84  volmgr - ok
22:12:24.0286 0x0d84  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:12:24.0306 0x0d84  volmgrx - ok
22:12:24.0349 0x0d84  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:12:24.0371 0x0d84  volsnap - ok
22:12:24.0414 0x0d84  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:12:24.0422 0x0d84  vsmraid - ok
22:12:24.0509 0x0d84  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
22:12:24.0583 0x0d84  VSS - ok
22:12:24.0612 0x0d84  vtany - ok
22:12:24.0641 0x0d84  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:12:24.0650 0x0d84  vwifibus - ok
22:12:24.0690 0x0d84  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
22:12:24.0728 0x0d84  W32Time - ok
22:12:24.0778 0x0d84  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:12:24.0782 0x0d84  WacomPen - ok
22:12:24.0820 0x0d84  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:12:24.0833 0x0d84  WANARP - ok
22:12:24.0862 0x0d84  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:12:24.0866 0x0d84  Wanarpv6 - ok
22:12:24.0973 0x0d84  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:12:25.0041 0x0d84  WatAdminSvc - ok
22:12:25.0230 0x0d84  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
22:12:25.0290 0x0d84  wbengine - ok
22:12:25.0381 0x0d84  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:12:25.0409 0x0d84  WbioSrvc - ok
22:12:25.0449 0x0d84  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:12:25.0469 0x0d84  wcncsvc - ok
22:12:25.0500 0x0d84  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:12:25.0517 0x0d84  WcsPlugInService - ok
22:12:25.0558 0x0d84  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:12:25.0564 0x0d84  Wd - ok
22:12:25.0641 0x0d84  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:12:25.0680 0x0d84  Wdf01000 - ok
22:12:25.0730 0x0d84  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:12:25.0749 0x0d84  WdiServiceHost - ok
22:12:25.0779 0x0d84  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:12:25.0792 0x0d84  WdiSystemHost - ok
22:12:25.0852 0x0d84  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
22:12:25.0878 0x0d84  WebClient - ok
22:12:25.0983 0x0d84  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:12:26.0000 0x0d84  Wecsvc - ok
22:12:26.0031 0x0d84  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:12:26.0047 0x0d84  wercplsupport - ok
22:12:26.0080 0x0d84  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
22:12:26.0103 0x0d84  WerSvc - ok
22:12:26.0150 0x0d84  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:12:26.0154 0x0d84  WfpLwf - ok
22:12:26.0192 0x0d84  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:12:26.0198 0x0d84  WIMMount - ok
22:12:26.0300 0x0d84  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:12:26.0375 0x0d84  WinDefend - ok
22:12:26.0470 0x0d84  WinHttpAutoProxySvc - ok
22:12:26.0542 0x0d84  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:12:26.0560 0x0d84  Winmgmt - ok
22:12:26.0651 0x0d84  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:12:26.0724 0x0d84  WinRM - ok
22:12:26.0827 0x0d84  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:12:26.0894 0x0d84  Wlansvc - ok
22:12:26.0933 0x0d84  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:12:26.0938 0x0d84  WmiAcpi - ok
22:12:26.0993 0x0d84  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:12:27.0004 0x0d84  wmiApSrv - ok
22:12:27.0118 0x0d84  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:12:27.0172 0x0d84  WMPNetworkSvc - ok
22:12:27.0212 0x0d84  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:12:27.0238 0x0d84  WPCSvc - ok
22:12:27.0268 0x0d84  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:12:27.0291 0x0d84  WPDBusEnum - ok
22:12:27.0321 0x0d84  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:12:27.0325 0x0d84  ws2ifsl - ok
22:12:27.0358 0x0d84  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:12:27.0376 0x0d84  wscsvc - ok
22:12:27.0417 0x0d84  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:12:27.0421 0x0d84  WSDPrintDevice - ok
22:12:27.0453 0x0d84  WSearch - ok
22:12:27.0608 0x0d84  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:12:27.0748 0x0d84  wuauserv - ok
22:12:27.0796 0x0d84  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:12:27.0810 0x0d84  WudfPf - ok
22:12:27.0845 0x0d84  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:12:27.0862 0x0d84  WUDFRd - ok
22:12:27.0902 0x0d84  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:12:27.0927 0x0d84  wudfsvc - ok
22:12:27.0989 0x0d84  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:12:28.0022 0x0d84  WwanSvc - ok
22:12:28.0041 0x0d84  xhunter1 - ok
22:12:28.0091 0x0d84  ================ Scan global ===============================
22:12:28.0135 0x0d84  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
22:12:28.0190 0x0d84  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
22:12:28.0240 0x0d84  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
22:12:28.0280 0x0d84  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
22:12:28.0358 0x0d84  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
22:12:28.0381 0x0d84  [ Global ] - ok
22:12:28.0387 0x0d84  ================ Scan MBR ==================================
22:12:28.0399 0x0d84  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:12:28.0754 0x0d84  \Device\Harddisk0\DR0 - ok
22:12:28.0769 0x0d84  [ 32052574BF9F325AE309ABC7BFD04460 ] \Device\Harddisk1\DR1
22:12:29.0134 0x0d84  \Device\Harddisk1\DR1 - ok
22:12:29.0141 0x0d84  ================ Scan VBR ==================================
22:12:29.0149 0x0d84  [ 0826C750A69BE916ECF31C7566B294BC ] \Device\Harddisk0\DR0\Partition1
22:12:29.0152 0x0d84  \Device\Harddisk0\DR0\Partition1 - ok
22:12:29.0175 0x0d84  [ 2C3863F4759D2E01D9C082C5D2CA5910 ] \Device\Harddisk0\DR0\Partition2
22:12:29.0226 0x0d84  \Device\Harddisk0\DR0\Partition2 - ok
22:12:29.0241 0x0d84  [ 5CEEA25749D3777DEE032288BA29AC9F ] \Device\Harddisk0\DR0\Partition3
22:12:29.0244 0x0d84  \Device\Harddisk0\DR0\Partition3 - ok
22:12:29.0260 0x0d84  [ C2DB86BEDB90A9AB9819D00B249DAA53 ] \Device\Harddisk1\DR1\Partition1
22:12:29.0262 0x0d84  \Device\Harddisk1\DR1\Partition1 - ok
22:12:29.0282 0x0d84  [ 655B4DB3CDC7268F804C6B4F61D470C6 ] \Device\Harddisk1\DR1\Partition2
22:12:29.0284 0x0d84  \Device\Harddisk1\DR1\Partition2 - ok
22:12:29.0293 0x0d84  Waiting for KSN requests completion. In queue: 60
22:12:30.0293 0x0d84  Waiting for KSN requests completion. In queue: 60
22:12:31.0293 0x0d84  Waiting for KSN requests completion. In queue: 60
22:12:32.0581 0x0d84  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 8.0.1489.300 ), 0x41000 ( enabled : updated )
22:12:32.0626 0x0d84  Win FW state via NFP2: enabled
22:12:35.0416 0x0d84  ============================================================
22:12:35.0416 0x0d84  Scan finished
22:12:35.0416 0x0d84  ============================================================
22:12:35.0445 0x1c0c  Detected object count: 0
22:12:35.0445 0x1c0c  Actual detected object count: 0


#4 Wenex (Topic Starter, Members, 28 posts)

Posted 24 March 2014 - 07:46 AM

One question: it may not be that easy, but I found winmonitor.exe in my C:/windows/win32 folder. Is it safe to delete it? Will it help me?



#5 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 24 March 2014 - 10:51 AM

Don't delete anything - it would return...

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#6 Wenex (Topic Starter, Members, 28 posts)

Posted 24 March 2014 - 11:50 AM

Hey Marius. Thanks for replying.

Here are the logs:

ComboFix 14-03-24.01 - PC 2014-03-24  17:06:34.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3328.1610 [GMT 1:00]
Uruchomiony z: c:\users\PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\videos\crossfire_downloader.exe
c:\windows\system32\components
c:\windows\system32\components\binary.manifest
F:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TolbarUpdater
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-02-24 do 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 16:34 . 2014-03-24 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-24 16:34 . 2014-03-24 16:34 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-24 16:34 . 2014-03-24 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-24 16:34 . 2014-03-24 16:34 -------- d-----w- c:\users\Asia\AppData\Local\temp
2014-03-24 12:38 . 2014-03-24 12:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15BC492-A17A-42CC-8998-675CF62E2D74}\offreg.dll
2014-03-23 18:39 . 2014-03-23 18:39 -------- d-----w- c:\program files\Wise PC Doctor
2014-03-21 15:44 . 2014-03-21 15:44 -------- d-----w- c:\program files\Common Files\Java
2014-03-21 13:27 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15BC492-A17A-42CC-8998-675CF62E2D74}\mpengine.dll
2014-03-16 23:54 . 2014-03-16 23:54 -------- d-----w- c:\users\PC\AppData\Local\Bizarre Creations
2014-03-16 21:32 . 2014-03-16 21:32 -------- d-----w- c:\users\PC\AppData\Roaming\Oracle
2014-03-16 21:30 . 2014-03-21 15:42 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-16 04:32 . 2014-03-16 04:32 -------- d-----w- c:\users\PC\AppData\Roaming\RotMG.Production
2014-03-16 04:12 . 2014-03-24 09:55 -------- d-----w- c:\program files\Steam
2014-03-13 15:20 . 2014-03-01 03:14 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-03-13 15:20 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 15:20 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 15:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:20 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\programdata\BlueStacks
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\program files\BlueStacks
2014-03-13 01:09 . 2014-03-13 01:09 -------- d-----w- c:\users\PC\AppData\Local\Bluestacks
2014-03-13 00:50 . 2014-03-13 00:50 -------- d-----w- c:\users\PC\AppData\Local\Smellyriver
2014-03-08 01:10 . 2014-03-08 01:18 -------- d-----w- c:\users\PC\AppData\Roaming\Fallout2
2014-03-02 04:24 . 2014-03-02 04:24 -------- d-----w- c:\users\PC\AppData\Roaming\Rovio
2014-02-27 01:44 . 2014-02-27 01:44 -------- d-----w- c:\users\PC\AppData\Roaming\UDP Software
2014-02-25 02:02 . 2014-02-25 02:02 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 19:38 . 2013-01-30 13:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:38 . 2013-01-30 13:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-11 19:23 . 2014-01-26 15:31 166400 ----a-w- c:\windows\system32\winmonitor.exe
2014-01-26 15:31 . 2014-01-26 15:31 17864381 ----a-w- c:\windows\system32\libs.exe
2014-01-25 00:34 . 2014-01-24 23:07 967 ----a-w- c:\windows\ScUnin.pif
2014-01-25 00:34 . 2014-01-24 23:07 94208 ----a-w- c:\windows\ScUnin.exe
2014-01-07 11:06 . 2013-02-01 17:27 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-01-07 11:05 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-01-07 11:02 . 2013-02-01 17:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-07 10:51 . 2013-04-21 04:31 22328 ----a-w- c:\users\PC\AppData\Roaming\PnkBstrK.sys
2014-01-07 10:51 . 2014-01-07 10:51 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-12-24 23:09 . 2014-02-13 22:00 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-30 13:35 . 2013-01-30 13:35 1093632 ----a-w- c:\program files\BESTplayer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"suchypowiadamiacz"="c:\users\PC\AppData\Roaming\Suchy Powiadamiacz\0.5.5175.39317\SuchyPowiadamiacz.exe" [2014-03-11 1012736]
"Akamai NetSession Interface"="c:\users\PC\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Steam"="c:\program files\Steam\Steam.exe" [2014-02-25 1821888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-03-06 819984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-30 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-19 242240]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-09-17 41160]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-03-06 113424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-03-06 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-03-06 770832]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2013-09-17 878888]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-09-17 556840]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2013-06-26 584872]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-09-17 37064]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:45 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 19:38]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=086800FF522FE74B
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2yh3os.default\
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=086834810000000000000014858ef016&q=
FF - user.js: extensions.BabylonToolbar.id - 086834810000000000000014858ef016
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15736
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.22:15
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109718
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 0868348100000000000000ff522fe74b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15814
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1623:32
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-xwidget - c:\program files\XWidget\xwidget.exe
HKCU-Run-Desura - c:\program files\Desura\desura.exe
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-BaboViolent 2_is1 - c:\program files\RndLabs\BaboViolent 2\unins000.exe
AddRemove-Fallout New Vegas_is1 - d:\fallout new vegas\Fallout New Vegas\unins000.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-LIMBO - c:\program files\LIMBO\Desintalar.exe
AddRemove-ManyCam - c:\program files\ManyCam\uninstall.exe
AddRemove-S.T.A.L.K.E.R. - Clear Sky_is1 - e:\s.t.a.l.k.e.r. - clear sky\unins000.exe
AddRemove-Scribblenauts Unmasked A DC Comics Adventure_is1 - e:\scribblenauts unmasked\unins000.exe
AddRemove-Spelunky HD 1.0 - c:\spelunky hd\Uninstall.exe
AddRemove-Torchlight II © Runic Games_is1 - f:\torchlight ii\unins000.exe
AddRemove-Turbo Sliders - c:\program files\Jollygood Games\Turbo Sliders\uninstall.exe
AddRemove-VGhlV29sZkFtb25nVXM=_is1 - c:\program files\The Wolf Among Us\unins000.exe
AddRemove-Wolfenstein - Enemy Territory - c:\program files\Wolfenstein - Enemy Territory\uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1 - f:\wot\unins000.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1 - f:\world_of_warplanes\unins000.exe
AddRemove-{3DE19DBA-6F79-4E14-AE0B-1833B26DD184}_is1 - c:\solace\unins000.exe
AddRemove-{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1 - d:\rar password unlocker\unins000.exe
AddRemove-Papers, Please PL - c:\papers please 1.0.41\uninstallgs.exe
AddRemove-{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1 - c:\robocraft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-632434008-909267790-2204689488-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,ce,fb,bd,20,b3,51,46,c3,80,f4,69,23,a6,53,dc,df,de,1e,87,32,
   f6,12,63,2c,7f,db,c7,5e,ff,21,93,c9,ef,a0,5c,fb,4c,82,9d,da,35,87,01,cd,f8,\
"rkeysecu"=hex:87,da,90,0d,aa,c6,05,42,8f,ce,10,fa,1b,49,79,6c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\BlueStacks\HD-Service.exe
c:\program files\BlueStacks\HD-Network.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\windows\system32\conhost.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Czas ukończenia: 2014-03-24  17:45:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2014-03-24 16:45
.
Przed: 35 530 072 064 bajtów wolnych
Po: 35 952 201 728 bajtów wolnych
.
- - End Of File - - 9EC632DDAFE79152D23FAFF71ACA95C2
A36C5E4F47E84449FF07ED3517B43A31

I would like to note that winmonitor.exe didn't appear in my Task Manager this time.
Waiting for the next steps. Thanks for your help.

Edited by Wenex, 24 March 2014 - 12:02 PM.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 24 March 2014 - 12:11 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files: CFScript.txt


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here --> [donate button] <-- (no worries, every little bit helps)

#8 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts

Posted 24 March 2014 - 12:59 PM

So, uhm. I did as you said.

I ran ComboFix. It started working, and after a few minutes a message appeared. It said that the program wanted to send some "infected" files to the server. I clicked OK. After a few minutes another message appeared and said: servers are temporarily offline. The file was saved, so I can try to send these files again when they are up.

Sooo confused right now.

Anyway, after this, log.txt appeared.

Here are the logs:

 

ComboFix 14-03-24.01 - PC 2014-03-24  18:22:00.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3328.1975 [GMT 1:00]
Uruchomiony z: c:\users\PC\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\System32\winmonitor.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-02-24 do 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\PC\AppData\Local\temp
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\wangzhisong\AppData\Local\temp
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-24 17:45 . 2014-03-24 17:45 -------- d-----w- c:\users\Asia\AppData\Local\temp
2014-03-24 12:38 . 2014-03-24 12:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15BC492-A17A-42CC-8998-675CF62E2D74}\offreg.dll
2014-03-23 18:39 . 2014-03-23 18:39 -------- d-----w- c:\program files\Wise PC Doctor
2014-03-21 15:44 . 2014-03-21 15:44 -------- d-----w- c:\program files\Common Files\Java
2014-03-21 13:27 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B15BC492-A17A-42CC-8998-675CF62E2D74}\mpengine.dll
2014-03-16 23:54 . 2014-03-16 23:54 -------- d-----w- c:\users\PC\AppData\Local\Bizarre Creations
2014-03-16 21:32 . 2014-03-16 21:32 -------- d-----w- c:\users\PC\AppData\Roaming\Oracle
2014-03-16 21:30 . 2014-03-21 15:42 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-16 04:32 . 2014-03-16 04:32 -------- d-----w- c:\users\PC\AppData\Roaming\RotMG.Production
2014-03-16 04:12 . 2014-03-24 09:55 -------- d-----w- c:\program files\Steam
2014-03-13 15:20 . 2014-03-01 03:14 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-03-13 15:20 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 15:20 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 15:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:20 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\programdata\BlueStacks
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\program files\BlueStacks
2014-03-13 01:09 . 2014-03-13 01:09 -------- d-----w- c:\users\PC\AppData\Local\Bluestacks
2014-03-13 00:50 . 2014-03-13 00:50 -------- d-----w- c:\users\PC\AppData\Local\Smellyriver
2014-03-08 01:10 . 2014-03-08 01:18 -------- d-----w- c:\users\PC\AppData\Roaming\Fallout2
2014-03-02 04:24 . 2014-03-02 04:24 -------- d-----w- c:\users\PC\AppData\Roaming\Rovio
2014-02-27 01:44 . 2014-02-27 01:44 -------- d-----w- c:\users\PC\AppData\Roaming\UDP Software
2014-02-25 02:02 . 2014-02-25 02:02 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 19:38 . 2013-01-30 13:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:38 . 2013-01-30 13:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-11 19:23 . 2014-01-26 15:31 166400 ----a-w- c:\windows\system32\winmonitor.exe
2014-01-26 15:31 . 2014-01-26 15:31 17864381 ----a-w- c:\windows\system32\libs.exe
2014-01-25 00:34 . 2014-01-24 23:07 967 ----a-w- c:\windows\ScUnin.pif
2014-01-25 00:34 . 2014-01-24 23:07 94208 ----a-w- c:\windows\ScUnin.exe
2014-01-07 11:06 . 2013-02-01 17:27 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-01-07 11:05 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-01-07 11:02 . 2013-02-01 17:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-07 10:51 . 2013-04-21 04:31 22328 ----a-w- c:\users\PC\AppData\Roaming\PnkBstrK.sys
2014-01-07 10:51 . 2014-01-07 10:51 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-12-24 23:09 . 2014-02-13 22:00 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-30 13:35 . 2013-01-30 13:35 1093632 ----a-w- c:\program files\BESTplayer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"suchypowiadamiacz"="c:\users\PC\AppData\Roaming\Suchy Powiadamiacz\0.5.5175.39317\SuchyPowiadamiacz.exe" [2014-03-11 1012736]
"Akamai NetSession Interface"="c:\users\PC\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Steam"="c:\program files\Steam\Steam.exe" [2014-02-25 1821888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-03-06 819984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-30 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-19 242240]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-09-17 41160]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-03-06 113424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-03-06 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-03-06 770832]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2013-09-17 878888]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-09-17 556840]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2013-06-26 584872]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-09-17 37064]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:45 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 19:38]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2yh3os.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-632434008-909267790-2204689488-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,ce,fb,bd,20,b3,51,46,c3,80,f4,69,23,a6,53,dc,df,de,1e,87,32,
   f6,12,63,2c,7f,db,c7,5e,ff,21,93,c9,ef,a0,5c,fb,4c,82,9d,da,35,87,01,cd,f8,\
"rkeysecu"=hex:87,da,90,0d,aa,c6,05,42,8f,ce,10,fa,1b,49,79,6c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-03-24  18:48:50
ComboFix-quarantined-files.txt  2014-03-24 17:48
ComboFix2.txt  2014-03-24 16:45
.
Przed: 35 915 857 920 bajtów wolnych
Po: 36 017 504 256 bajtów wolnych
.
- - End Of File - - ABC265B6FD95F79BFDB552494543A713
A36C5E4F47E84449FF07ED3517B43A31

Edited by Wenex, 24 March 2014 - 12:59 PM.


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 25 March 2014 - 07:22 AM

Please upload the file as explained - I've advised CF to send a copy of the file to me for deeper analysis.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here [donate button] (no worries, every little bit helps)

#10 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 25 March 2014 - 10:08 AM

Okay, I think I sent it this time. Not sure if it's the right file :(



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:16 PM

Posted 25 March 2014 - 10:26 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


#12 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 25 March 2014 - 12:06 PM

Logs from ComboFix. I will post the one from Malwarebytes after it finishes.


ComboFix 14-03-24.01 - PC 2014-03-25  17:16:15.3.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3328.2341 [GMT 1:00]
Uruchomiony z: c:\users\PC\Desktop\ComboFix.exe
Użyto następujących komend :: c:\users\PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\winmonitor.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winmonitor.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-02-25 do 2014-03-25  )))))))))))))))))))))))))))))))
.
.
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\PC\AppData\Local\temp
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\wangzhisong\AppData\Local\temp
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-25 16:39 . 2014-03-25 16:39 -------- d-----w- c:\users\Asia\AppData\Local\temp
2014-03-25 16:12 . 2014-03-25 16:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8CEE75B-8AF1-420B-8865-D89E85BDF142}\offreg.dll
2014-03-25 14:32 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8CEE75B-8AF1-420B-8865-D89E85BDF142}\mpengine.dll
2014-03-23 18:39 . 2014-03-23 18:39 -------- d-----w- c:\program files\Wise PC Doctor
2014-03-21 15:44 . 2014-03-21 15:44 -------- d-----w- c:\program files\Common Files\Java
2014-03-16 23:54 . 2014-03-16 23:54 -------- d-----w- c:\users\PC\AppData\Local\Bizarre Creations
2014-03-16 21:32 . 2014-03-16 21:32 -------- d-----w- c:\users\PC\AppData\Roaming\Oracle
2014-03-16 21:30 . 2014-03-21 15:42 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-16 04:32 . 2014-03-16 04:32 -------- d-----w- c:\users\PC\AppData\Roaming\RotMG.Production
2014-03-16 04:12 . 2014-03-25 14:37 -------- d-----w- c:\program files\Steam
2014-03-13 15:20 . 2014-03-01 03:14 469504 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-03-13 15:20 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 15:20 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 15:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 15:20 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\programdata\BlueStacks
2014-03-13 01:10 . 2014-03-13 01:10 -------- d-----w- c:\program files\BlueStacks
2014-03-13 01:09 . 2014-03-13 01:09 -------- d-----w- c:\users\PC\AppData\Local\Bluestacks
2014-03-13 00:50 . 2014-03-13 00:50 -------- d-----w- c:\users\PC\AppData\Local\Smellyriver
2014-03-08 01:10 . 2014-03-08 01:18 -------- d-----w- c:\users\PC\AppData\Roaming\Fallout2
2014-03-02 04:24 . 2014-03-02 04:24 -------- d-----w- c:\users\PC\AppData\Roaming\Rovio
2014-02-27 01:44 . 2014-02-27 01:44 -------- d-----w- c:\users\PC\AppData\Roaming\UDP Software
2014-02-25 02:02 . 2014-02-25 02:02 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 19:38 . 2013-01-30 13:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:38 . 2013-01-30 13:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-26 15:31 . 2014-01-26 15:31 17864381 ----a-w- c:\windows\system32\libs.exe
2014-01-25 00:34 . 2014-01-24 23:07 967 ----a-w- c:\windows\ScUnin.pif
2014-01-25 00:34 . 2014-01-24 23:07 94208 ----a-w- c:\windows\ScUnin.exe
2014-01-07 11:06 . 2013-02-01 17:27 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-01-07 11:06 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-01-07 11:05 . 2013-02-01 17:26 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-01-07 11:02 . 2013-02-01 17:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-01-07 10:51 . 2013-04-21 04:31 22328 ----a-w- c:\users\PC\AppData\Roaming\PnkBstrK.sys
2014-01-07 10:51 . 2014-01-07 10:51 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-01-30 13:35 . 2013-01-30 13:35 1093632 ----a-w- c:\program files\BESTplayer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\programdata\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"suchypowiadamiacz"="c:\users\PC\AppData\Roaming\Suchy Powiadamiacz\0.5.5175.39317\SuchyPowiadamiacz.exe" [2014-03-11 1012736]
"Akamai NetSession Interface"="c:\users\PC\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Steam"="c:\program files\Steam\Steam.exe" [2014-02-25 1821888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-05-28 10988176]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2013-11-14 955168]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-03-06 819984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\36570863-989b-49d3-8cb0-d4fd91f53461.exe" [2014-03-25 181136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-30 1343400]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-19 242240]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-09-17 41160]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-03-06 113424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-03-06 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-03-06 770832]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2013-09-17 878888]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-09-17 556840]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-14 14652704]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-10-11 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-01-31 22656]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-11-14 33568]
S3 RTL8167;Sterownik Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2013-06-26 584872]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2013-06-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2013-06-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2013-06-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-09-17 37064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:45 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 19:38]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-01 00:21]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &P&obierz &za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ma2yh3os.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-632434008-909267790-2204689488-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,ce,fb,bd,20,b3,51,46,c3,80,f4,69,23,a6,53,dc,df,de,1e,87,32,
   f6,12,63,2c,7f,db,c7,5e,ff,21,93,c9,ef,a0,5c,fb,4c,82,9d,da,35,87,01,cd,f8,\
"rkeysecu"=hex:87,da,90,0d,aa,c6,05,42,8f,ce,10,fa,1b,49,79,6c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2014-03-25  17:42:32
ComboFix-quarantined-files.txt  2014-03-25 16:42
ComboFix2.txt  2014-03-24 17:48
ComboFix3.txt  2014-03-24 16:45
.
Przed: 35 318 841 344 bajtów wolnych
Po: 35 339 010 048 bajtów wolnych
.
- - End Of File - - 4E4675B24DFB955273F267363D9BAA5F
A36C5E4F47E84449FF07ED3517B43A31
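
The CFScript procedure the helper gave above removes the file named in the script and writes a log in the format just posted. The parser below is an added example (not ComboFix's tooling and not the helper's own) that pulls the triage-relevant pieces out of that format: the FILE :: block the script targeted, the deletions block, Run/RunOnce autostarts, and services whose binary ComboFix marked [x], then checks whether the targeted file actually appears among the deletions. The sample log is constructed from entries in this thread; the English heading "Other Deletions" is assumed for en-US logs.

```python
import re

# Constructed sample modelled on the pl-PL ComboFix log posted in this thread.
SAMPLE_LOG = r"""
FILE ::
"c:\windows\system32\winmonitor.exe"
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winmonitor.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2014-02-25 1821888]
.
R3 vtany;vtany;c:\windows\vtany.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
"""

SECTION_RE = re.compile(r"^\({5,}\s+(.+?)\s+\){5,}$")            # ((((  heading  ))))
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
DELETED_HEADINGS = {"Usunięto", "Other Deletions"}   # pl-PL and (assumed) en-US headings


def parse_combofix(text):
    """Targeted (FILE ::) and deleted files, Run/RunOnce autostarts, services marked [x]."""
    found = {"targeted": [], "deleted": [], "run": [], "missing_services": []}
    section, key, in_file_block = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # '.' only separates entries
            continue
        m = SECTION_RE.match(line)
        if m:
            section, in_file_block = m.group(1), False
            continue
        if line == "FILE ::":
            in_file_block = True
            continue
        if in_file_block and line.startswith('"'):
            found["targeted"].append(line.strip('"'))
            continue
        in_file_block = False                # any other line ends the FILE :: block
        if line.startswith("["):             # registry key header
            key = line
            continue
        if section in DELETED_HEADINGS:
            found["deleted"].append(line)
            continue
        m = RUN_RE.match(line)
        if m and key and key.upper().endswith(("\\RUN]", "\\RUNONCE]")):
            found["run"].append((m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(5) == "x" and m.group(4):   # path registered, file not found
            found["missing_services"].append((m.group(2), m.group(4)))
    # Confirm that what the script targeted really shows up in the deletions block.
    deleted = {p.lower() for p in found["deleted"]}
    found["confirmed"] = [p for p in found["targeted"] if p.lower() in deleted]
    return found
```

A service still registered for a driver the scanner cannot find (here vtany.sys and xhunter1.sys in the real log) is the kind of leftover worth handing to the helper rather than deleting blindly.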


#13 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 25 March 2014 - 12:13 PM

  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.

I don't know. There's no "perform fullscan". I found a tab with all scans and it's called Threat Scan. Is this what I should do?


Edited by Wenex, 25 March 2014 - 12:15 PM.


#14 Wenex

Wenex
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:16 PM

Posted 25 March 2014 - 05:22 PM

  • Be sure that everything is checked, and click Remove Selected.

Without waiting for an answer I did a custom scan (checked every disk).

And I can only move threats to the quarantine. No option to remove them.

Waiting for an answer from you. Don't know what I should do with it now.


Edited by Wenex, 25 March 2014 - 05:22 PM.


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:16 PM

Posted 26 March 2014 - 04:50 AM

I just noticed that everything has changed with the rollout of the new MBAM version. I'm updating my instruction sets at the moment, please copy them to quarantine.

