
BSOD, BOOT drive missing


  • This topic is locked
16 replies to this topic

#1 Chillydog91


Posted 11 May 2014 - 06:50 PM

Hello,

Background info:

I was surfing (IE 11?) the web to find a free stream of an NBA game, clicked a link and had several screens flash up saying stuff needed to be updated. I X'ed out of two and did Alt+F4 on one. As I was trying to terminate the popups, the screen immediately tore apart, BSOD, and the machine rebooted by itself. Upon reboot, no boot drive was found according to the black screen at startup; this occurred several times. We quickly unplugged the Ethernet cable, shut the computer down and unplugged the other hard drives in the computer.

With only the DVD drive and the C boot drive plugged in, I restarted the computer and inserted the Windows 7 Ultimate disk. I was unable to repair anything but did manage to restore a previous restore point from around September 13, 2013. The system will boot but is acting strange and looks like it's stripped. Desktop icons are gone, the wallpaper is black and Norton is missing. I have not plugged the other hard drives back in at this time, so I don't know if documents are missing or corrupt at this point.

I did renew Norton in April 2014, so maybe that has something to do with it, since the restore point is before the new version of Norton.

At this point, I'm guessing doing the restore was a mistake.

Any help would be greatly appreciated.

Thank you,

Gary


#2 HelpBot


Posted 16 May 2014 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/534012 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Chillydog91


Posted 17 May 2014 - 09:01 AM

I have plugged all hard drives back in and booted into safe mode.

DDS results below

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16686
Run by Gary at 8:45:53 on 2014-05-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8167.7274 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZvRemote.lnk - C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file:///D:/win/setup/iaieplay.dll
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://portal.sib.ok.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{50D0B4F5-3B0D-48BF-9F3E-BD0436816892} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{907BA1A5-52AC-422E-87D5-E8DB66A311F5} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DFAC9994-9405-4653-BE70-D56EDA4BF441} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2011-11-16 14464]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-23 1525848]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130927.002\IDSviA64.sys [2013-9-27 520280]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-11-16 586880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-16 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-11-16 133800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-12-15 65657]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-2 115216]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2011-7-5 1605376]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-16 317440]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-16 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-16 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-16 1255736]
.
=============== Created Last 30 ================
.
2014-05-03 23:50:56 -------- d-sh--w- C:\Users\Gary\AppData\Local\EmieUserList
2014-05-03 23:50:56 -------- d-sh--w- C:\Users\Gary\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
.
============= FINISH:  8:46:00.23 ===============
 




#4 nasdaq

  • Malware Response Team

Posted 18 May 2014 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 Chillydog91


Posted 18 May 2014 - 04:13 PM

Hi nasdaq,

 

Thank you for helping me! :clapping:

 

AdwCleaner log:

 

# AdwCleaner v3.209 - Report created 18/05/2014 at 15:31:59
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gary - HTPC
# Running from : G:\Users\Gary\Desktop\adwcleaner_3.209.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1745 octets] - [18/05/2014 15:14:22]
AdwCleaner[R1].txt - [875 octets] - [18/05/2014 15:29:50]
AdwCleaner[S0].txt - [1671 octets] - [18/05/2014 15:17:17]
AdwCleaner[S1].txt - [797 octets] - [18/05/2014 15:31:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [856 octets] ##########

 

 

FRST Log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Gary (administrator) on HTPC on 18-05-2014 15:38:14
Running from G:\Users\Gary\Desktop\FARBAR
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Media Browser) C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
() C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [ASUS ShellProcess Execute] => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4177387199-661907778-4047009388-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-4177387199-661907778-4047009388-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4177387199-661907778-4047009388-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4177387199-661907778-4047009388-1000\...\MountPoints2: {a599aadb-10bd-11e1-8447-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Media Browser Service.lnk
ShortcutTarget: Media Browser Service.lnk -> C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe (Media Browser)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZvRemote.lnk
ShortcutTarget: ZvRemote.lnk -> C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe ()
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEE1DCD51D463CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///D:/win/setup/iaieplay.dll
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.sib.ok.gov/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Gary\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Hulu Desktop) - C:\Users\Gary\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-23]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-23]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-23]
CHR Extension: (Google Search) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-23]
CHR Extension: (Norton Identity Protection) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-23]
CHR Extension: (Google Wallet) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-02-23]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()

==================== Drivers (Whitelisted) ====================

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-23] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130927.002\IDSvia64.sys [520280 2013-08-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130929.005\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130929.005\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 ____D () C:\FRST
2014-05-18 15:33 - 2014-05-18 15:33 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-18 15:14 - 2014-05-18 15:32 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-03 18:50 - 2014-05-03 18:50 - 00000000 __SHD () C:\Users\Gary\AppData\Local\EmieUserList
2014-05-03 18:50 - 2014-05-03 18:50 - 00000000 __SHD () C:\Users\Gary\AppData\Local\EmieSiteList
2014-04-22 17:43 - 2014-04-22 17:43 - 00000000 ____D () C:\Users\dub_cm_auto

==================== One Month Modified Files and Folders =======

2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 ____D () C:\FRST
2014-05-18 15:38 - 2011-11-16 20:51 - 01653112 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 15:35 - 2009-07-14 00:13 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 15:33 - 2014-05-18 15:33 - 00000000 ___RD () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-18 15:33 - 2013-02-20 17:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 15:33 - 2011-11-16 22:18 - 00038020 _____ () C:\Windows\PFRO.log
2014-05-18 15:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 15:33 - 2009-07-13 23:51 - 00118512 _____ () C:\Windows\setupact.log
2014-05-18 15:32 - 2014-05-18 15:14 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:32 - 2009-07-13 23:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:32 - 2009-07-13 23:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:30 - 2011-11-19 20:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-18 15:28 - 2013-02-20 17:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 15:20 - 2013-02-20 17:45 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-18 15:20 - 2013-02-20 17:45 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-11 18:17 - 2012-10-11 17:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 22:56 - 2013-06-24 08:17 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-03 22:56 - 2012-12-25 22:31 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-03 22:56 - 2012-11-17 14:40 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2014-05-03 22:56 - 2012-02-23 20:37 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-03 22:56 - 2011-11-22 20:57 - 00000000 ____D () C:\Users\Sarah
2014-05-03 22:56 - 2011-11-21 19:55 - 00000000 ____D () C:\Users\Jennifer
2014-05-03 22:56 - 2011-11-20 22:21 - 00000000 ____D () C:\Users\Zachary
2014-05-03 22:56 - 2011-11-16 22:07 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-03 22:56 - 2011-11-16 19:18 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-03 22:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-03 22:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-03 22:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-03 22:55 - 2014-03-23 13:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-03 22:55 - 2014-03-23 13:41 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-03 22:55 - 2014-03-23 13:41 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-05-03 22:55 - 2014-03-16 15:35 - 00000000 ____D () C:\ProgramData\Media Center Studio
2014-05-03 22:55 - 2013-10-11 03:49 - 00000000 ____D () C:\Windows\rescache
2014-05-03 22:55 - 2013-03-12 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-03 22:55 - 2013-03-12 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-03 22:55 - 2013-03-12 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-03 22:55 - 2013-02-20 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-03 22:55 - 2012-12-25 22:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-03 22:55 - 2012-11-17 14:40 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2014-05-03 22:55 - 2012-07-22 19:02 - 00000000 ____D () C:\ProgramData\MediaBrowser
2014-05-03 22:55 - 2011-11-16 22:07 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-03 22:55 - 2011-11-16 22:06 - 00000000 ____D () C:\ProgramData\Norton
2014-05-03 22:55 - 2011-11-16 22:06 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-03 22:55 - 2011-11-16 19:20 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-03 22:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-05-03 22:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-03 22:49 - 2013-02-20 17:45 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2014-05-03 22:49 - 2012-04-29 18:23 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\.minecraft
2014-05-03 22:48 - 2011-11-28 13:25 - 00000000 __RHD () C:\MSOCache
2014-05-03 21:06 - 2011-11-16 18:52 - 00000000 ____D () C:\Users\Gary
2014-05-03 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-03 18:50 - 2014-05-03 18:50 - 00000000 __SHD () C:\Users\Gary\AppData\Local\EmieUserList
2014-05-03 18:50 - 2014-05-03 18:50 - 00000000 __SHD () C:\Users\Gary\AppData\Local\EmieSiteList
2014-04-22 17:43 - 2014-04-22 17:43 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-18 08:36 - 2013-12-30 14:38 - 00000000 ____D () C:\ProgramData\Oracle

Files to move or delete:
====================
C:\Users\Gary\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\Gary\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gary\AppData\Local\Temp\install_reader10_en_air_gtba_aih.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Gary\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Gary\AppData\Local\Temp\r2wqmwym.dll
C:\Users\Gary\AppData\Local\Temp\_is24AF.exe
C:\Users\Gary\AppData\Local\Temp\_isB1C1.exe
C:\Users\Gary\AppData\Local\Temp\_isC17A.exe
C:\Users\Gary\AppData\Local\Temp\_isD76A.exe
C:\Users\Gary\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_20743.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-11 17:54

==================== End Of Log ============================

I'm booting in normal mode right now and have run these scans. I don't think I have any AV or firewall running and I keep getting script errors while accessing the Bleeping Computer web site. I previously had Norton installed.

I'm not sure who User:dub_cm_auto is?



#6 Chillydog91


Posted 18 May 2014 - 04:32 PM

nasdaq,

I'm also getting a prompt to install updates from Windows, claiming I have never updated anything. I have had the system set to automatically install Windows and MS Office updates and I remember seeing notifications in the past that updates were installed. Should I go ahead and install those updates yet? Maybe when I did the restore it lost track of the updates?

Regarding Norton AV being turned off - I think I need to reinstall it but not sure.

I'm waiting for your directions before doing anything.

Thank you.

Gary



#7 nasdaq

nasdaq

  • Malware Response Team

Posted 19 May 2014 - 08:56 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1003\User: Group Policy restriction detected <======= ATTENTION
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Gary\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gary\AppData\Local\Temp\install_reader10_en_air_gtba_aih.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Gary\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Gary\AppData\Local\Temp\r2wqmwym.dll
C:\Users\Gary\AppData\Local\Temp\_is24AF.exe
C:\Users\Gary\AppData\Local\Temp\_isB1C1.exe
C:\Users\Gary\AppData\Local\Temp\_isC17A.exe
C:\Users\Gary\AppData\Local\Temp\_isD76A.exe
C:\Users\Gary\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_20743.exe

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#8 Chillydog91


Posted 19 May 2014 - 05:55 PM

FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Gary at 2014-05-19 17:16:19 Run:1
Running from G:\Users\Gary\Desktop\FARBAR
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1003\User: Group Policy restriction detected <======= ATTENTION
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Gary\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gary\AppData\Local\Temp\install_reader10_en_air_gtba_aih.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gary\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Gary\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Gary\AppData\Local\Temp\r2wqmwym.dll
C:\Users\Gary\AppData\Local\Temp\_is24AF.exe
C:\Users\Gary\AppData\Local\Temp\_isB1C1.exe
C:\Users\Gary\AppData\Local\Temp\_isC17A.exe
C:\Users\Gary\AppData\Local\Temp\_isD76A.exe
C:\Users\Gary\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_20743.exe

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4177387199-661907778-4047009388-1003\User => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll not found.
C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll not found.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Gary\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\install_reader10_en_air_gtba_aih.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\r2wqmwym.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_is24AF.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_isB1C1.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_isC17A.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\_isD76A.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_20743.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Checkup:


 Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ SE Development Kit 6 Update 34
 Java version out of Date!
  Adobe Flash Player 11.8.800.168 Flash Player out of Date! 
 Google Chrome 29.0.1547.76 
 Google Chrome 34.0.1847.137 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

My hard drive is an SSD.

I'm going to reboot and see how the system is working. I will post another update shortly.


#9 Chillydog91


Posted 19 May 2014 - 06:19 PM

The black screen at start up flashes "no boot drive found" and it seems like it runs through the boot process again and Windows comes up to the login screen. After entering the password, the screen flashes purple for a second and then brings up the desktop.

Once at the desktop everything seems ok.



#10 nasdaq


Posted 20 May 2014 - 09:21 AM


Let's check the Master Boot Record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
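
Added example, not part of the post above and not code from TDSSKiller or aswMBR: a Python sketch that parses a raw 512-byte MBR sector and reports its partition table in the Type / StartLBA / BlocksNum terms a TDSSKiller log uses, plus a few structural checks. It assumes MBR.dat is a raw copy of sector 0; the sample sector is constructed from the Harddisk0 partition values in the log posted in this thread, and the active flag on the first partition is an assumption.

```python
import struct
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # 446 bytes of boot code precede the partition table
ENTRY_SIZE = 16               # four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Constructed sample: (status, type, StartLBA, BlocksNum) for Harddisk0 as listed
# in the thread's log. Marking partition 1 active (0x80) is an assumption.
DISK0_ENTRIES = [
    (0x80, 0x07, 0x800, 0x32000),
    (0x00, 0x07, 0x32800, 0x770D800),
]


def build_sample_mbr(entries, signature=BOOT_SIGNATURE):
    """Build a constructed 512-byte sector holding only a partition table."""
    sector = bytearray(SECTOR_SIZE)
    for i, (status, ptype, start_lba, blocks) in enumerate(entries):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, start_lba, blocks)
    sector[510:512] = signature
    return bytes(sector)


def parse_mbr(sector, boot_disk=True):
    """Return (partitions, findings) for a raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")

    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        entry = sector[off:off + ENTRY_SIZE]
        if entry == bytes(ENTRY_SIZE):
            continue  # unused slot
        status, ptype = entry[0], entry[4]
        start_lba, blocks = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X" % (i + 1, status))
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "blocks": blocks,
        })

    # A BIOS boot disk normally carries exactly one active partition;
    # pure data disks have none, so the check is optional.
    active = [p for p in partitions if p["active"]]
    if boot_disk and len(active) != 1:
        findings.append(
            "expected exactly one active partition on a BIOS boot disk, found %d"
            % len(active))

    # Partitions must not overlap when ordered by starting sector.
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["blocks"] > b["start_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return partitions, findings


def describe(p):
    """Format one partition the way the scan log lists it."""
    return "Partition%d: Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X" % (
        p["index"], p["type"], p["start_lba"], p["blocks"])


if __name__ == "__main__":
    # With a path argument, read the first sector of that file;
    # otherwise fall back to the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR_SIZE)
    else:
        data = build_sample_mbr(DISK0_ENTRIES)
    parts, notes = parse_mbr(data)
    for part in parts:
        print(describe(part), "(active)" if part["active"] else "")
    for note in notes:
        print("FINDING:", note)
```

The checks are structural only: a clean result says the table is well-formed, not that the boot code in the first 446 bytes is unmodified.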

#11 Chillydog91

  • Topic Starter

Posted 20 May 2014 - 05:24 PM

TDSS Results:

 

17:05:44.0342 0x16e8 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10

17:05:57.0165 0x16e8 ============================================================

17:05:57.0165 0x16e8 Current date / time: 2014/05/20 17:05:57.0165

17:05:57.0165 0x16e8 SystemInfo:

17:05:57.0165 0x16e8

17:05:57.0165 0x16e8 OS Version: 6.1.7601 ServicePack: 1.0

17:05:57.0165 0x16e8 Product type: Workstation

17:05:57.0165 0x16e8 ComputerName: HTPC

17:05:57.0165 0x16e8 UserName: Gary

17:05:57.0165 0x16e8 Windows directory: C:\Windows

17:05:57.0165 0x16e8 System windows directory: C:\Windows

17:05:57.0165 0x16e8 Running under WOW64

17:05:57.0165 0x16e8 Processor architecture: Intel x64

17:05:57.0165 0x16e8 Number of processors: 4

17:05:57.0165 0x16e8 Page size: 0x1000

17:05:57.0165 0x16e8 Boot type: Normal boot

17:05:57.0165 0x16e8 ============================================================

17:05:57.0212 0x16e8 KLMD registered as C:\Windows\system32\drivers\51776199.sys

17:05:57.0243 0x16e8 System UUID: {0F9FCD8A-6168-5466-FAF0-3A40F5D3EA41}

17:05:57.0477 0x16e8 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:05:57.0477 0x16e8 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:05:57.0477 0x16e8 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:05:57.0477 0x16e8 Drive \Device\Harddisk3\DR3 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:05:57.0773 0x16e8 ============================================================

17:05:57.0773 0x16e8 \Device\Harddisk0\DR0:

17:05:57.0773 0x16e8 MBR partitions:

17:05:57.0773 0x16e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:05:57.0773 0x16e8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800

17:05:57.0773 0x16e8 \Device\Harddisk1\DR1:

17:05:57.0773 0x16e8 MBR partitions:

17:05:57.0773 0x16e8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

17:05:57.0773 0x16e8 \Device\Harddisk2\DR2:

17:05:57.0773 0x16e8 MBR partitions:

17:05:57.0773 0x16e8 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

17:05:57.0773 0x16e8 \Device\Harddisk3\DR3:

17:05:57.0773 0x16e8 GPT partitions:

17:05:57.0773 0x16e8 \Device\Harddisk3\DR3\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8B11D23B-089A-4A4F-9A67-AA8765A73923}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000

17:05:57.0773 0x16e8 \Device\Harddisk3\DR3\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {95A14E5C-52E8-48E6-BF10-A581862933B2}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800

17:05:57.0773 0x16e8 MBR partitions:

17:05:57.0773 0x16e8 ============================================================

17:05:57.0773 0x16e8 C: <-> \Device\Harddisk0\DR0\Partition2

17:05:57.0789 0x16e8 F: <-> \Device\Harddisk1\DR1\Partition1

17:05:57.0805 0x16e8 G: <-> \Device\Harddisk2\DR2\Partition1

17:05:57.0836 0x16e8 H: <-> \Device\Harddisk3\DR3\Partition2

17:05:57.0836 0x16e8 ============================================================

17:05:57.0836 0x16e8 Initialize success

17:05:57.0836 0x16e8 ============================================================

17:06:14.0933 0x12c0 ============================================================

17:06:14.0933 0x12c0 Scan started

17:06:14.0933 0x12c0 Mode: Manual;

17:06:14.0933 0x12c0 ============================================================

17:06:14.0933 0x12c0 KSN ping started

17:06:28.0880 0x12c0 KSN ping finished: true

17:06:28.0942 0x12c0 ================ Scan system memory ========================

17:06:28.0942 0x12c0 System memory - ok

17:06:28.0942 0x12c0 ================ Scan services =============================


17:06:30.0830 0x12c0 HidBth - ok

17:06:30.0830 0x12c0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

17:06:30.0830 0x12c0 HidIr - ok

17:06:30.0845 0x12c0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll

17:06:30.0845 0x12c0 hidserv - ok

17:06:30.0845 0x12c0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys

17:06:30.0845 0x12c0 HidUsb - ok

17:06:30.0845 0x12c0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:06:30.0845 0x12c0 hkmsvc - ok

17:06:30.0861 0x12c0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:06:30.0861 0x12c0 HomeGroupListener - ok

17:06:30.0861 0x12c0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:06:30.0877 0x12c0 HomeGroupProvider - ok

17:06:30.0877 0x12c0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:06:30.0877 0x12c0 HpSAMD - ok

17:06:30.0892 0x12c0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:06:30.0908 0x12c0 HTTP - ok

17:06:30.0908 0x12c0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:06:30.0908 0x12c0 hwpolicy - ok

17:06:30.0908 0x12c0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

17:06:30.0908 0x12c0 i8042prt - ok

17:06:30.0923 0x12c0 [ 2FDAEC4B02729C48C0FD1B0B4695995B, 87331D91FA3A23257B9913067B7B16D08710408070795B638058DBF728BBB288 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

17:06:30.0923 0x12c0 iaStor - ok

17:06:30.0939 0x12c0 [ D41861E56E7552C13674D7F147A02464, A361AE723FEEFD8D34D259F667ED14EEEC3B8ED6458522AC5D50C08E281B298B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

17:06:30.0939 0x12c0 IAStorDataMgrSvc - ok

17:06:30.0939 0x12c0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:06:30.0955 0x12c0 iaStorV - ok

17:06:30.0955 0x12c0 [ C1010ADD3DDAE1196ED21057AF7B2AAE, 68196851855AD395008D7F29FCEB28BA4BEB1F062B1844A60813E7DD102ACB1C ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys

17:06:30.0955 0x12c0 ICCWDT - ok

17:06:30.0955 0x12c0 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

17:06:30.0955 0x12c0 IDriverT - ok

17:06:30.0986 0x12c0 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:06:30.0986 0x12c0 idsvc - ok

17:06:31.0001 0x12c0 [ A1258065E8B16E23E2AFDE72FB5559BC, 22819A822035C4378E5DD40E7829BBC54973BB49734B7E021EF7C7A5F0A5A55A ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130927.002\IDSvia64.sys

17:06:31.0017 0x12c0 IDSVia64 - ok

17:06:31.0220 0x12c0 [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0, 92F264325C3B1F70E0ACDBC886F7DC4C32371759EA94CE359B0FABD89573DCA4 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

17:06:31.0423 0x12c0 igfx - ok

17:06:31.0423 0x12c0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

17:06:31.0423 0x12c0 iirsp - ok

17:06:31.0454 0x12c0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

17:06:31.0454 0x12c0 IKEEXT - ok

17:06:31.0501 0x12c0 [ 589B94A9B73A0E819FF873743A480834, 49FA8EC38F1C78F38F818CC28F2734802739247F0B89A971D65FDAF3110041A8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

17:06:31.0532 0x12c0 IntcAzAudAddService - ok

17:06:31.0547 0x12c0 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

17:06:31.0547 0x12c0 IntcDAud - ok

17:06:31.0563 0x12c0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

17:06:31.0563 0x12c0 intelide - ok

17:06:31.0563 0x12c0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:06:31.0563 0x12c0 intelppm - ok

17:06:31.0563 0x12c0 [ 068EC06F3B6DD7B81B365D8FD2CE27E6, EDAD8F5B3F929C7C6200F38B862B2A03F310ADB55A04007DB6FF5F4F698547A4 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe

17:06:31.0563 0x12c0 Intel® PROSet Monitoring Service - ok

17:06:31.0579 0x12c0 [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

17:06:31.0579 0x12c0 IntuitUpdateServiceV4 - ok

17:06:31.0579 0x12c0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:06:31.0579 0x12c0 IPBusEnum - ok

17:06:31.0579 0x12c0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:06:31.0579 0x12c0 IpFilterDriver - ok

17:06:31.0594 0x12c0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:06:31.0610 0x12c0 iphlpsvc - ok

17:06:31.0610 0x12c0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:06:31.0610 0x12c0 IPMIDRV - ok

17:06:31.0610 0x12c0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:06:31.0625 0x12c0 IPNAT - ok

17:06:31.0625 0x12c0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:06:31.0625 0x12c0 IRENUM - ok

17:06:31.0625 0x12c0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:06:31.0625 0x12c0 isapnp - ok

17:06:31.0625 0x12c0 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:06:31.0641 0x12c0 iScsiPrt - ok

17:06:31.0641 0x12c0 [ A577F5DB30F70ECA9708C07C2EACBD9D, F301D6779BE81F3778417EAAE6D950BF95822EC6426FF3F516D383ADE08DF8CA ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

17:06:31.0641 0x12c0 JRAID - ok

17:06:31.0641 0x12c0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:06:31.0641 0x12c0 kbdclass - ok

17:06:31.0657 0x12c0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

17:06:31.0657 0x12c0 kbdhid - ok

17:06:31.0657 0x12c0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe

17:06:31.0657 0x12c0 KeyIso - ok

17:06:31.0657 0x12c0 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:06:31.0657 0x12c0 KSecDD - ok

17:06:31.0657 0x12c0 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:06:31.0672 0x12c0 KSecPkg - ok

17:06:31.0672 0x12c0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

17:06:31.0672 0x12c0 ksthunk - ok

17:06:31.0672 0x12c0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

17:06:31.0688 0x12c0 KtmRm - ok

17:06:31.0688 0x12c0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll

17:06:31.0688 0x12c0 LanmanServer - ok

17:06:31.0703 0x12c0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:06:31.0703 0x12c0 LanmanWorkstation - ok

17:06:31.0719 0x12c0 [ 7772DFAB22611050B79504E671B06E6E, 331FE235EDBCF48EE96A5A9D5D0560457CD85FA3FD7BEACD3700055F815D9F13 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

17:06:31.0719 0x12c0 LBTServ - ok

17:06:31.0719 0x12c0 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D, 9B3B9FA23788680D13E3DC2EEA2F127591A368578AEAB70F03AC379BA7379184 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

17:06:31.0719 0x12c0 LEqdUsb - ok

17:06:31.0719 0x12c0 [ 3267BC698E29474A8381E68904EB0390, A653ED6364D4B7E02FB7087D364E33D029B15A92E0FAAB176877DE5F93B36B65 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

17:06:31.0735 0x12c0 LHidEqd - ok

17:06:31.0735 0x12c0 [ 241F2648ADF090E2A10095BD6D6F5DCB, D31F50F7A70A62E3CA45071F75C56FFA21464BFAF4CA4A3AD2482D7477D78D4E ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

17:06:31.0735 0x12c0 LHidFilt - ok

17:06:31.0735 0x12c0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:06:31.0735 0x12c0 lltdio - ok

17:06:31.0750 0x12c0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:06:31.0750 0x12c0 lltdsvc - ok

17:06:31.0750 0x12c0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:06:31.0750 0x12c0 lmhosts - ok

17:06:31.0750 0x12c0 [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

17:06:31.0750 0x12c0 LMouFilt - ok

17:06:31.0766 0x12c0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

17:06:31.0766 0x12c0 LSI_FC - ok

17:06:31.0766 0x12c0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

17:06:31.0766 0x12c0 LSI_SAS - ok

17:06:31.0766 0x12c0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:06:31.0781 0x12c0 LSI_SAS2 - ok

17:06:31.0781 0x12c0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:06:31.0781 0x12c0 LSI_SCSI - ok

17:06:31.0781 0x12c0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

17:06:31.0781 0x12c0 luafv - ok

17:06:31.0781 0x12c0 [ 29C733E1DE824670DC9315CFC9BDBCD3, 8CFC987FEB174D91E415DEC89437D31D7AA5F6B7685641372EF26790E1444610 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

17:06:31.0797 0x12c0 LUsbFilt - ok

17:06:31.0797 0x12c0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:06:31.0797 0x12c0 Mcx2Svc - ok

17:06:31.0797 0x12c0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

17:06:31.0797 0x12c0 megasas - ok

17:06:31.0813 0x12c0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

17:06:31.0813 0x12c0 MegaSR - ok

17:06:31.0813 0x12c0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

17:06:31.0813 0x12c0 MEIx64 - ok

17:06:31.0813 0x12c0 Microsoft SharePoint Workspace Audit Service - ok

17:06:31.0828 0x12c0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

17:06:31.0828 0x12c0 MMCSS - ok

17:06:31.0828 0x12c0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

17:06:31.0828 0x12c0 Modem - ok

17:06:31.0828 0x12c0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:06:31.0828 0x12c0 monitor - ok

17:06:31.0828 0x12c0 [ 785B2CBA23D374649D98715C3EE17B2A, 0FA187E0B83E1E968D315B32F65D157CC18D4CFB7B532A5413EA7BE317613D28 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys

17:06:31.0828 0x12c0 motmodem - ok

17:06:31.0844 0x12c0 [ AC9D6E3629E4388A9EA9B4172493AAEE, 1AD5CBC2D34ADA8DEFB92D57F8306C46339EA0C131FAF626AB70FC12AA85721E ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

17:06:31.0844 0x12c0 Motorola Device Manager - ok

17:06:31.0844 0x12c0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:06:31.0844 0x12c0 mouclass - ok

17:06:31.0844 0x12c0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:06:31.0844 0x12c0 mouhid - ok

17:06:31.0859 0x12c0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:06:31.0859 0x12c0 mountmgr - ok

17:06:31.0859 0x12c0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

17:06:31.0859 0x12c0 mpio - ok

17:06:31.0859 0x12c0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:06:31.0859 0x12c0 mpsdrv - ok

17:06:31.0875 0x12c0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:06:31.0891 0x12c0 MpsSvc - ok

17:06:31.0906 0x12c0 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:06:31.0906 0x12c0 MRxDAV - ok

17:06:31.0906 0x12c0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:06:31.0906 0x12c0 mrxsmb - ok

17:06:31.0922 0x12c0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:06:31.0922 0x12c0 mrxsmb10 - ok

17:06:31.0922 0x12c0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:06:31.0937 0x12c0 mrxsmb20 - ok

17:06:31.0937 0x12c0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

17:06:31.0937 0x12c0 msahci - ok

17:06:31.0937 0x12c0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:06:31.0937 0x12c0 msdsm - ok

17:06:31.0953 0x12c0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

17:06:31.0953 0x12c0 MSDTC - ok

17:06:31.0953 0x12c0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:06:31.0953 0x12c0 Msfs - ok

17:06:31.0953 0x12c0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:06:31.0953 0x12c0 mshidkmdf - ok

17:06:31.0953 0x12c0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:06:31.0969 0x12c0 msisadrv - ok

17:06:31.0969 0x12c0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:06:31.0969 0x12c0 MSiSCSI - ok

17:06:31.0969 0x12c0 msiserver - ok

17:06:31.0969 0x12c0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:06:31.0969 0x12c0 MSKSSRV - ok

17:06:31.0969 0x12c0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:06:31.0984 0x12c0 MSPCLOCK - ok

17:06:31.0984 0x12c0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:06:31.0984 0x12c0 MSPQM - ok

17:06:31.0984 0x12c0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:06:32.0000 0x12c0 MsRPC - ok

17:06:32.0000 0x12c0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:06:32.0000 0x12c0 mssmbios - ok

17:06:32.0000 0x12c0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:06:32.0000 0x12c0 MSTEE - ok

17:06:32.0000 0x12c0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:06:32.0000 0x12c0 MTConfig - ok

17:06:32.0000 0x12c0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

17:06:32.0000 0x12c0 Mup - ok

17:06:32.0015 0x12c0 [ 34D08C9C64F657D194961E96C47E9C69, FB56083CDF23E1601EC7EC5A74ADFFF1BE304BF4F4B485DE2E9609C5C14FACC4 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys

17:06:32.0015 0x12c0 mv91xx - ok

17:06:32.0031 0x12c0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

17:06:32.0031 0x12c0 napagent - ok

17:06:32.0047 0x12c0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:06:32.0047 0x12c0 NativeWifiP - ok

17:06:32.0047 0x12c0 [ 702E07EC32F96ACDB873E9A5465D4401, 2C6B1C8BA0BF4791AEA064062DCA3678AE4443DF19DB37D6CB55BA6297D8A238 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130929.005\ENG64.SYS

17:06:32.0062 0x12c0 NAVENG - ok

17:06:32.0093 0x12c0 [ 302EA314A1AF0D7CEF0A3D0195F79561, 046DBC2D9D028F2D2E8BAE745CA2ADEF42741689BFF743A13B81EA4228DDCDC6 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130929.005\EX64.SYS

17:06:32.0125 0x12c0 NAVEX15 - ok

17:06:32.0140 0x12c0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

17:06:32.0156 0x12c0 NDIS - ok

17:06:32.0156 0x12c0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:06:32.0171 0x12c0 NdisCap - ok

17:06:32.0171 0x12c0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:06:32.0171 0x12c0 NdisTapi - ok

17:06:32.0171 0x12c0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:06:32.0171 0x12c0 Ndisuio - ok

17:06:32.0171 0x12c0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:06:32.0171 0x12c0 NdisWan - ok

17:06:32.0187 0x12c0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:06:32.0187 0x12c0 NDProxy - ok

17:06:32.0187 0x12c0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:06:32.0187 0x12c0 NetBIOS - ok

17:06:32.0187 0x12c0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:06:32.0203 0x12c0 NetBT - ok

17:06:32.0203 0x12c0 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe

17:06:32.0203 0x12c0 Netlogon - ok

17:06:32.0203 0x12c0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

17:06:32.0218 0x12c0 Netman - ok

17:06:32.0218 0x12c0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:06:32.0218 0x12c0 NetMsmqActivator - ok

17:06:32.0234 0x12c0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:06:32.0234 0x12c0 NetPipeActivator - ok

17:06:32.0234 0x12c0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

17:06:32.0249 0x12c0 netprofm - ok

17:06:32.0265 0x12c0 [ 621559A521682A888D83DB34C6EC0BF8, E330639387CD054C777E81D674BA5048AB10960884D998CAC8DFF2868591BC6D ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys

17:06:32.0281 0x12c0 netr7364 - ok

17:06:32.0281 0x12c0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:06:32.0281 0x12c0 NetTcpActivator - ok

17:06:32.0296 0x12c0 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:06:32.0296 0x12c0 NetTcpPortSharing - ok

17:06:32.0296 0x12c0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:06:32.0296 0x12c0 nfrd960 - ok

17:06:32.0296 0x12c0 [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

17:06:32.0312 0x12c0 NIS - ok

17:06:32.0312 0x12c0 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:06:32.0327 0x12c0 NlaSvc - ok

17:06:32.0327 0x12c0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:06:32.0327 0x12c0 Npfs - ok

17:06:32.0327 0x12c0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

17:06:32.0327 0x12c0 nsi - ok

17:06:32.0327 0x12c0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:06:32.0327 0x12c0 nsiproxy - ok

17:06:32.0359 0x12c0 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:06:32.0390 0x12c0 Ntfs - ok

17:06:32.0390 0x12c0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

17:06:32.0390 0x12c0 Null - ok

17:06:32.0390 0x12c0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:06:32.0390 0x12c0 nvraid - ok

17:06:32.0405 0x12c0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:06:32.0405 0x12c0 nvstor - ok

17:06:32.0405 0x12c0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:06:32.0405 0x12c0 nv_agp - ok

17:06:32.0421 0x12c0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:06:32.0421 0x12c0 ohci1394 - ok

17:06:32.0421 0x12c0 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:06:32.0421 0x12c0 ose64 - ok

17:06:32.0515 0x12c0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:06:32.0593 0x12c0 osppsvc - ok

17:06:32.0593 0x12c0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:06:32.0608 0x12c0 p2pimsvc - ok

17:06:32.0608 0x12c0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

17:06:32.0624 0x12c0 p2psvc - ok

17:06:32.0624 0x12c0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:06:32.0624 0x12c0 Parport - ok

17:06:32.0639 0x12c0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys


17:06:34.0745 0x12c0 WmiAcpi - ok

17:06:34.0745 0x12c0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:06:34.0761 0x12c0 wmiApSrv - ok

17:06:34.0761 0x12c0 WMPNetworkSvc - ok

17:06:34.0761 0x12c0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:06:34.0761 0x12c0 WPCSvc - ok

17:06:34.0761 0x12c0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:06:34.0761 0x12c0 WPDBusEnum - ok

17:06:34.0777 0x12c0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:06:34.0777 0x12c0 ws2ifsl - ok

17:06:34.0777 0x12c0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll

17:06:34.0777 0x12c0 wscsvc - ok

17:06:34.0777 0x12c0 WSearch - ok

17:06:34.0823 0x12c0 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll

17:06:34.0855 0x12c0 wuauserv - ok

17:06:34.0870 0x12c0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

17:06:34.0870 0x12c0 WudfPf - ok

17:06:34.0870 0x12c0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:06:34.0886 0x12c0 WUDFRd - ok

17:06:34.0886 0x12c0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:06:34.0886 0x12c0 wudfsvc - ok

17:06:34.0886 0x12c0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

17:06:34.0901 0x12c0 WwanSvc - ok

17:06:34.0901 0x12c0 ================ Scan global ===============================

17:06:34.0901 0x12c0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

17:06:34.0917 0x12c0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

17:06:34.0917 0x12c0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

17:06:34.0933 0x12c0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

17:06:34.0933 0x12c0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

17:06:34.0948 0x12c0 [ Global ] - ok

17:06:34.0948 0x12c0 ================ Scan MBR ==================================

17:06:34.0948 0x12c0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

17:06:34.0995 0x12c0 \Device\Harddisk0\DR0 - ok

17:06:34.0995 0x12c0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

17:06:35.0011 0x12c0 \Device\Harddisk1\DR1 - ok

17:06:35.0011 0x12c0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

17:06:35.0011 0x12c0 \Device\Harddisk2\DR2 - ok

17:06:35.0011 0x12c0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3

17:06:35.0011 0x12c0 \Device\Harddisk3\DR3 - ok

17:06:35.0011 0x12c0 ================ Scan VBR ==================================

17:06:35.0011 0x12c0 [ 7452602C5764B7D546987BDB92BDBCDF ] \Device\Harddisk0\DR0\Partition1

17:06:35.0026 0x12c0 \Device\Harddisk0\DR0\Partition1 - ok

17:06:35.0026 0x12c0 [ 74C8C01A5D0DCAEED6C3634C11C41304 ] \Device\Harddisk0\DR0\Partition2

17:06:35.0026 0x12c0 \Device\Harddisk0\DR0\Partition2 - ok

17:06:35.0026 0x12c0 [ 4DA21F2E10AA90C6B94C0C7AAE3EA6A4 ] \Device\Harddisk1\DR1\Partition1

17:06:35.0089 0x12c0 \Device\Harddisk1\DR1\Partition1 - ok

17:06:35.0151 0x12c0 [ 84185051F9F23A0A59211D691F5D5803 ] \Device\Harddisk2\DR2\Partition1

17:06:35.0182 0x12c0 \Device\Harddisk2\DR2\Partition1 - ok

17:06:35.0198 0x12c0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk3\DR3\Partition1

17:06:35.0198 0x12c0 \Device\Harddisk3\DR3\Partition1 - ok

17:06:35.0198 0x12c0 [ 3B6F7004BF748CBA72C3F0C50C4F525D ] \Device\Harddisk3\DR3\Partition2

17:06:35.0229 0x12c0 \Device\Harddisk3\DR3\Partition2 - ok

17:06:35.0229 0x12c0 Waiting for KSN requests completion. In queue: 256

17:06:36.0243 0x12c0 Waiting for KSN requests completion. In queue: 199

17:06:37.0257 0x12c0 Waiting for KSN requests completion. In queue: 199

17:06:38.0271 0x12c0 Waiting for KSN requests completion. In queue: 199

17:06:39.0285 0x12c0 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50000 ( disabled : updated )

17:06:39.0301 0x12c0 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50010 ( disabled )

17:06:39.0301 0x12c0 Win FW state via NFP2: enabled

17:06:42.0218 0x12c0 ============================================================

17:06:42.0218 0x12c0 Scan finished

17:06:42.0218 0x12c0 ============================================================

17:06:42.0218 0x0308 Detected object count: 0

17:06:42.0218 0x0308 Actual detected object count: 0

 

aswMBR results:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-20 17:10:23
-----------------------------
17:10:23.685    OS Version: Windows x64 6.1.7601 Service Pack 1
17:10:23.685    Number of processors: 4 586 0x2A07
17:10:23.685    ComputerName: HTPC  UserName: Gary
17:10:23.778    Initialize success
17:12:12.215    AVAST engine defs: 14052001
17:12:28.423    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:12:28.439    Disk 0 Vendor: M4-CT064 0009 Size: 61057MB BusType: 3
17:12:28.439    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:12:28.439    Disk 1 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
17:12:28.439    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
17:12:28.439    Disk 2 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
17:12:28.439    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
17:12:28.455    Disk 3 Vendor: ST3000DM CC24 Size: 2861588MB BusType: 3
17:12:28.455    Disk 0 MBR read successfully
17:12:28.470    Disk 0 MBR scan
17:12:28.470    Disk 0 Windows 7 default MBR code
17:12:28.470    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:12:28.486    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60955 MB offset 206848
17:12:28.486    Disk 0 scanning C:\Windows\system32\drivers
17:12:30.748    Service scanning
17:12:38.095    Modules scanning
17:12:38.095    Disk 0 trace - called modules:
17:12:38.095    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:12:38.111    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800999f060]
17:12:38.111    3 CLASSPNP.SYS[fffff880017c843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80082c7050]
17:12:38.236    AVAST engine scan C:\Windows
17:12:38.548    AVAST engine scan C:\Windows\system32
17:13:23.242    AVAST engine scan C:\Windows\system32\drivers
17:13:25.925    AVAST engine scan C:\Users\Gary
17:13:53.553    AVAST engine scan C:\ProgramData
17:14:07.437    Scan finished successfully
17:15:04.408    Disk 0 MBR has been saved successfully to "G:\Users\Gary\Desktop\MBR.dat"
17:15:04.408    The log file has been saved successfully to "G:\Users\Gary\Desktop\aswMBR.txt"

 

 

Attached Files

  • Attached File  MBR.zip   559bytes   0 downloads


#12 Chillydog91


Posted 20 May 2014 - 05:35 PM

Correction to my earlier statement. I may have caused a goose chase.

Flash on black screen is:

Marvel controller
No hard disk found

I think this is from the motherboard and not a problem?

#13 nasdaq

  • Malware Response Team

Posted 21 May 2014 - 06:52 AM


Hardware is not my forte.

See if it's a driver issue.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged and need updates.
If interested in security I would download the tool and run it.
<<<>>>

If you need additional help on this try this Forum.
Internal hardware forum
http://www.bleepingcomputer.com/forums/forum7.html

#14 Chillydog91


Posted 22 May 2014 - 11:28 AM

Downloaded Secunia PSI.

Java JRE 1.6.x/6.x and JRE 1.6.x/6.x (64 bit) will not update.

I have checked Java and it shows 1.7 as the current version installed, so I marked the 1.6 items as ignored in Secunia.

I have installed all Windows and MS Office updates but cannot get IE11 to install. I get error message 9c59.

#15 Chillydog91


Posted 22 May 2014 - 11:36 AM

Computer seems to be running good other than updating IE11.



