
Trojan.PWS.Panda.5661 left for too long


14 replies to this topic

#1 shival

Posted 18 June 2014 - 09:40 AM

tl;dr warning: I like to write a lot, scroll down for pure data
Hello, bleepingcomputer staff! While I generally prefer to fix all my computer problems by myself, this time I must admit I'm defeated. It's my own fault, because I got a bit too confident about not having problems with viruses. Some tweaks, a hardware firewall + Windows and common sense were enough. I got lazy and stopped doing regular virus scans (active protection? aww hell no, muh RAM), updates, etc.

When I got into problems with the local hacking/cracking/doxing/hiddenweb community I only added the ZoneAlarm firewall, which probably isn't that great nowadays. Anyway, one day I was helping my female friend (how they manage to catch so many viruses is beyond my understanding) and just got a thought - let's run DrWeb, just to make sure I don't have any problems.

One found? It's not that bad. It's in RAM? Bad feelings about it. Google the trojan. Welp, I guess I have to fight again, I manually removed a lot of stuff before. Let's check this...

:smash: :smash: :smash: :killcomp:

I'm not very good with the Win7 registry, but it looks like a disaster. The amount of hidden stuff is fantastic. It looks like it impersonates half of the system. I started connecting facts. This computer got "old and slow" a bit too fast. Something was wrong with my HDD space. Some random bugs started happening. I was generally ignoring this for too long; CPU usage was still in check, DL/UP was in check, I just thought I would have to format a bit sooner than usual. I have two ideas when and how the infection could have happened.
1. It's the community I'm in conflict with, and they are better than I thought (they are mostly trolls/scriptkiddies). It isn't very probable, because if they had so much access to my computer, passwords and data, they would use it to ruin my life, and while I'm not in the best condition, my life is still here and I would know that they might be onto something, because I have my spies on their side (it's so @!^$# childish that I got involved in this, but I had to help the aforementioned friend, who really shouldn't be in places like that with her lack of knowledge). I think they might have keyloggers in their arsenal. Also, I would like to know if there is any possibility of finding out how and for whom the virus works, before destroying it. I looked in the logs/registry myself but don't have too much of a clue. I know it's rather impossible and maybe I should ask about it in another topic :)
2. It's a very unlucky catch, which could have happened anywhere between a few days ago and 6-8 months ago. My computer is probably used mostly to infect other people; I did some basic traffic observations with Wireshark and noticed it's crazy. I receive and send too many packets, the IPs are from strange proxies and some of the data goes through ports very close to the SIP protocols, which stopped working for me half a year ago for no reason. So maybe all my rage at my ISP wasn't justified. :bubbles: (but that would mean that my friend has this virus too, because his ISP is the same and SIP also refuses to work... NVM)

I don't expect this computer can be brought back to a 100% healthy state, I just ask for help with removal, so I can prepare for a system reinstall in peace :)

tl;dr ends, data here, sorry for the Polish elements in the logs, I hope they won't be a problem


The malware is perfectly hidden, rootkit scans show much less than for other users. Using the PC is, however, surprisingly good for that level of infection. Minor errors, small impact on performance, even considering that the trojan is probably sending/downloading "stuff" as it shows on Wireshark. Maybe I'm paranoid and the infection in reality is very small.

-I used those and other programs many times and sometimes together they make progress, I have to admit that I used ComboFix-

DrWeb CureIt full scan in safe mode:

I'm an idiot and overwrote the 8-hour scan log. Even the quarantine is god knows where. Basically, it found 4 things and managed to delete them. Two of them were probably rkill named as iExplore.exe (and I had downloaded it twice), classified as a trojan downloader, and the other two with long names were classified as Java exploits.
It finds Trojan.PWS.Panda in vsmon.exe every reboot.

ComboFix Log (Yes, yes, I know)

ComboFix 14-06-16.01 - Shival 2014-06-18  12:59:23.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.4095.2969 [GMT 2:00]
Uruchomiony z: c:\users\Shival\Desktop\ratuj\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\users\Shival\Documents\PrawkoB2013.tmp
c:\windows\DPINST.LOG
c:\windows\Installer\{0707AE53-4A96-4175-B375-77334478A12C}\Icon6560581611.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Projects
D:\install.exe
.
infected c:\windows\explorer.exe została znaleziona. fixed
recovered from  - c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-05-18 do 2014-06-18  )))))))))))))))))))))))))))))))
.
.
2014-06-18 11:04 . 2014-06-18 11:04    --------    d-----w-    c:\users\Shival\AppData\Local\temp
2014-06-18 11:04 . 2014-06-18 11:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-18 11:04 . 2014-06-18 11:04    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-06-18 00:26 . 2014-06-18 00:26    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-18 00:26 . 2014-06-18 00:35    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-18 00:26 . 2014-06-18 00:26    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-18 00:25 . 2014-06-18 00:25    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-18 00:02 . 2014-06-18 00:02    35904    ----a-w-    c:\windows\SysWow64\drivers\g23ky4ym.sys
2014-06-17 17:27 . 2014-06-17 17:27    --------    d-----w-    c:\windows\ERUNT
2014-06-17 16:39 . 2014-06-17 23:53    --------    d-----w-    c:\users\Shival\AppData\Local\CrashDumps
2014-06-17 15:19 . 2014-06-17 15:19    --------    d-----w-    c:\programdata\RogueKiller
2014-06-17 12:32 . 2014-06-17 21:32    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{203056A8-66BD-4EC3-B28A-0020A33811B2}\offreg.dll
2014-06-17 12:14 . 2010-08-30 06:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-06-17 12:14 . 2014-06-18 00:24    --------    d-----w-    C:\AdwCleaner
2014-06-10 13:57 . 2014-06-10 13:57    --------    d-----w-    c:\users\Shival\AppData\Roaming\Wireshark
2014-06-10 13:56 . 2014-06-10 13:56    --------    d-----w-    c:\program files (x86)\WinPcap
2014-06-08 20:26 . 2014-06-09 01:25    --------    d-----w-    c:\users\Shival\AppData\Roaming\Blink
2014-06-08 20:26 . 2014-06-08 20:26    --------    d-----w-    c:\program files\Bonjour SDK
2014-06-08 20:26 . 2014-06-08 20:26    --------    d-----w-    c:\program files (x86)\Bonjour SDK
2014-06-08 20:26 . 2014-06-08 20:26    --------    d-----w-    c:\programdata\Apple
2014-06-08 20:26 . 2014-06-08 20:26    --------    d-----w-    c:\program files\Bonjour
2014-06-08 20:26 . 2014-06-08 20:26    --------    d-----w-    c:\program files (x86)\Bonjour
2014-06-08 20:25 . 2014-06-08 20:25    --------    d-----w-    c:\program files (x86)\Blink
2014-06-08 20:05 . 2014-06-08 20:05    --------    d-----w-    c:\program files (x86)\Jitsi
2014-06-08 10:45 . 2014-06-08 10:45    --------    d-----w-    c:\users\Shival\AppData\Local\TomTom
2014-06-08 10:44 . 2014-06-08 10:52    --------    d-----w-    c:\program files (x86)\TomTom International B.V
2014-06-08 10:44 . 2014-06-08 10:44    --------    d-----w-    c:\program files (x86)\MyDrive Connect
2014-06-04 20:51 . 2014-06-04 20:51    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-05-27 14:43 . 2014-05-27 14:43    --------    d-----w-    c:\users\Shival\AppData\Roaming\IVONA 2 Voice
2014-05-27 13:53 . 2014-05-31 20:38    --------    d-----w-    c:\users\Shival\AppData\Roaming\IVONA Reader
2014-05-27 13:51 . 2014-05-27 13:51    --------    d-----w-    c:\users\Shival\Nowy folder
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-24 21:03 . 2014-04-24 21:03    450968    ----a-w-    c:\windows\system32\drivers\vsdatant.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-08-19 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-08-19 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2013-08-30 14:41    1197280    ----a-w-    c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-04-24 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 g23ky4ym;Vba32 Armour Driver;c:\windows\system32\drivers\g23ky4ym.sys;c:\windows\SYSNATIVE\drivers\g23ky4ym.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;d:\tomtom\TomTom HOME 2\TomTomHOMEService.exe;d:\tomtom\TomTom HOME 2\TomTomHOMEService.exe [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys;c:\windows\SYSNATIVE\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys;c:\windows\SYSNATIVE\DRIVERS\Pgpwdefs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\gry\smite\HiPatchService.exe;d:\gry\smite\HiPatchService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Zawartość folderu 'Scheluded Tasks'
.
2014-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001Core.job
- c:\users\Shival\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-22 22:12]
.
2014-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001UA.job
- c:\users\Shival\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-22 22:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2013-08-30 14:41    1985248    ----a-w-    c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-12-14 53760]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\
FF - prefs.js: network.proxy.ftp - 1.179.139.148
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.socks - 1.179.139.148
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 1.179.139.148
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Deleted Empty - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PGP Tray.lnk - c:\windows\Installer\{0707AE53-4A96-4175-B375-77334478A12C}\Icon6560581611.exe
SafeBoot-00482860.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Blocked keys --------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Czas ukończenia: 2014-06-18  13:10:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2014-06-18 11:10
.
Przed: 403 607 552 bajtów wolnych
Po: 114 368 512 bajtów wolnych
.
- - End Of File - - A956945A2BCEB8E80FD70E68F04DFBB9
A36C5E4F47E84449FF07ED3517B43A31

Current DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by Shival at 15:15:27 on 2014-06-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.4095.2433 [GMT 2:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Gry\smite\HiPatchService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
D:\TEMP\7DAD633C-13E6175D-279D8F98-9775DFB1\etu2iasg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{290A358D-5216-448C-9EA0-74BE55DE05F4} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\
FF - prefs.js: network.proxy.ftp - 1.179.139.148
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.socks - 1.179.139.148
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 1.179.139.148
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Shival\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;C:\Windows\System32\drivers\PGPfsfd.sys [2013-8-30 184856]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\System32\drivers\PGPwdefs.sys [2013-8-30 20536]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Gry\smite\HiPatchService.exe [2014-4-19 9216]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-17 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-22 15129376]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-31 411936]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-4-9 92176]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-7-21 1342064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-20 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-4-30 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-31 56832]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-21 1255736]
S4 TomTomHOMEService;TomTomHOMEService;D:\tomtom\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
.
=============== Created Last 30 ================
.
2014-06-18 11:10:40    --------    d-----w-    C:\Users\Shival\AppData\Local\temp
2014-06-18 11:05:58    --------    d-----w-    C:\$RECYCLE.BIN
2014-06-18 10:56:43    98816    ----a-w-    C:\Windows\sed.exe
2014-06-18 10:56:43    256000    ----a-w-    C:\Windows\PEV.exe
2014-06-18 10:56:43    208896    ----a-w-    C:\Windows\MBR.exe
2014-06-18 00:26:11    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-06-18 00:26:03    128728    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-18 00:26:03    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 00:25:49    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-18 00:02:56    35904    ----a-w-    C:\Windows\SysWow64\drivers\g23ky4ym.sys
2014-06-17 17:27:59    --------    d-----w-    C:\Windows\ERUNT
2014-06-17 16:39:19    --------    d-----w-    C:\Users\Shival\AppData\Local\CrashDumps
2014-06-17 15:19:46    --------    d-----w-    C:\ProgramData\RogueKiller
2014-06-17 12:32:18    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{203056A8-66BD-4EC3-B28A-0020A33811B2}\offreg.dll
2014-06-17 12:14:59    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-06-17 12:14:20    --------    d-----w-    C:\AdwCleaner
2014-06-10 13:57:49    --------    d-----w-    C:\Users\Shival\AppData\Roaming\Wireshark
2014-06-10 13:56:56    --------    d-----w-    C:\Program Files (x86)\WinPcap
2014-06-09 09:40:50    --------    d-----w-    C:\Windows\pss
2014-06-08 20:26:52    --------    d-----w-    C:\Users\Shival\AppData\Roaming\Blink
2014-06-08 20:26:32    --------    d-----w-    C:\Program Files\Bonjour SDK
2014-06-08 20:26:32    --------    d-----w-    C:\Program Files (x86)\Bonjour SDK
2014-06-08 20:26:05    --------    d-----w-    C:\Program Files\Bonjour
2014-06-08 20:26:05    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-06-08 20:25:35    --------    d-----w-    C:\Program Files (x86)\Blink
2014-06-08 20:05:54    --------    d-----w-    C:\Program Files (x86)\Jitsi
2014-06-08 10:45:38    --------    d-----w-    C:\Users\Shival\AppData\Local\TomTom
2014-06-08 10:44:46    --------    d-----w-    C:\Program Files (x86)\TomTom International B.V
2014-06-08 10:44:41    --------    d-----w-    C:\Program Files (x86)\MyDrive Connect
2014-05-27 14:43:44    --------    d-----w-    C:\Users\Shival\AppData\Roaming\IVONA 2 Voice
2014-05-27 13:53:12    --------    d-----w-    C:\Users\Shival\AppData\Roaming\IVONA Reader
2014-05-27 13:51:32    --------    d-----w-    C:\Users\Shival\Nowy folder
.
==================== Find3M  ====================
.
2014-04-24 21:03:34    450968    ----a-w-    C:\Windows\System32\drivers\vsdatant.sys
.
============= FINISH: 15:15:53,94 ===============

Current RogueKiller Log

RogueKiller V9.0.3.0 [Jun 17 2014] od Adlice Software
mail : http://www.adlice.com/contact/
Dodaj opinię : http://forum.adlice.com
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Shival [Uprawnienia Administratora]
Tryb : Usuń -- Data : 06/18/2014  15:37:24

¤¤¤ Szkodliwe procesy : 1 ¤¤¤
[Suspicious.Path] etu2iasg.exe -- D:\TEMP\7DAD633C-13E6175D-279D8F98-9775DFB1\etu2iasg.exe[7] -> ZAKOŃCZONO [TermProc]

¤¤¤ Wpisy w Rejestrze : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]

¤¤¤ Zaplanowane zadania : 0 ¤¤¤

¤¤¤ Pliki : 0 ¤¤¤

¤¤¤ Plik HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost -> USUNIĘTO

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ przeglądarki internetowe : 1 ¤¤¤
[FIREFX:Addon] qke6ul0o.default : Bonjour Extension for Firefox [bonjour4firefox@apple.com] -> USUNIĘTO

¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++
--- User ---
[MBR] 6ee5f08ff5fdf0876104427df97483bb
[BSP] 2463887d4bc98492808f76efcdfccc69 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 30000 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 61648564 | Size: 446838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06172014_180942.log - RKreport_DEL_06182014_040157.log - RKreport_SCN_06172014_173406.log - RKreport_SCN_06172014_182311.log
RKreport_SCN_06182014_035943.log - RKreport_SCN_06182014_153639.log

Current AdwCleaner Log

# AdwCleaner v3.212 - Log created 18/06/2014 at 15:45:57
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Shival - KOMPUTER
# Running from : C:\Users\Shival\Desktop\AdwCleaner.exe
# Option : Remove

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v29.0.1 (pl)

[ File : C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1455 octets] - [17/06/2014 14:14:34]
AdwCleaner[R1].txt - [1009 octets] - [17/06/2014 18:36:53]
AdwCleaner[R2].txt - [1069 octets] - [17/06/2014 19:59:24]
AdwCleaner[R3].txt - [1136 octets] - [18/06/2014 02:24:38]
AdwCleaner[R4].txt - [1100 octets] - [18/06/2014 15:45:14]
AdwCleaner[S0].txt - [1452 octets] - [17/06/2014 14:31:33]
AdwCleaner[S1].txt - [1019 octets] - [18/06/2014 15:45:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1079 octets] ##########

Current FarbarRecoveryScan Log


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Shival (administrator) on KOMPUTER on 18-06-2014 15:59:55
Running from C:\Users\Shival\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) D:\Gry\smite\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [MagicTuneEngine] => C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2010-12-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default
FF NetworkProxy: "backup.ftp", "218.108.170.165"
FF NetworkProxy: "backup.ftp_port", 82
FF NetworkProxy: "backup.socks", "218.108.170.165"
FF NetworkProxy: "backup.socks_port", 82
FF NetworkProxy: "backup.ssl", "218.108.170.165"
FF NetworkProxy: "backup.ssl_port", 82
FF NetworkProxy: "ftp", "1.179.139.148"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "1.179.139.148"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "1.179.139.148"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Shival\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\searchplugins\duckduckgo-next.xml
FF HKLM-x32\...\Firefox\Extensions: [bonjour4firefox@apple.com] - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension\
FF Extension: Bonjour Extension for Firefox - C:\Program Files (x86)\Bonjour SDK\Bin\FirefoxExtension\ []

==================== Services (Whitelisted) =================

R2 HiPatchService; D:\Gry\smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702568 2012-10-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-07-21] (Microsoft Corporation) [File not signed]
S4 TomTomHOMEService; D:\tomtom\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

S3 g23ky4ym; C:\Windows\SysWOW64\drivers\g23ky4ym.sys [35904 2014-06-18] (VirusBlokAda Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [274984 2013-08-30] (Symantec Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [184856 2013-08-30] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52968 2013-08-30] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [391344 2013-08-30] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [20536 2013-08-30] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-21] (Duplex Secure Ltd.)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 15:59 - 2014-06-18 16:01 - 00009767 _____ () C:\Users\Shival\Desktop\FRST.txt
2014-06-18 15:59 - 2014-06-18 15:59 - 00000000 ____D () C:\FRST
2014-06-18 15:56 - 2014-06-18 15:56 - 02081280 _____ (Farbar) C:\Users\Shival\Desktop\FRST64.exe
2014-06-18 15:16 - 2014-06-18 15:15 - 00011041 _____ () C:\Users\Shival\Desktop\dds.txt
2014-06-18 15:16 - 2014-06-18 15:15 - 00004101 _____ () C:\Users\Shival\Desktop\attach.txt
2014-06-18 14:54 - 2014-06-18 14:55 - 00000000 ____D () C:\Users\Shival\Desktop\LogsForPros
2014-06-18 13:50 - 2014-06-18 13:50 - 00688992 ____R (Swearware) C:\Users\Shival\Desktop\dds.com
2014-06-18 13:10 - 2014-06-18 13:10 - 00013871 _____ () C:\ComboFix.txt
2014-06-18 12:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-18 12:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-18 12:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-18 12:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-18 12:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-18 12:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-18 12:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-18 12:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-18 02:26 - 2014-06-18 02:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 02:26 - 2014-06-18 02:26 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 02:26 - 2014-06-18 02:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 02:25 - 2014-06-18 02:25 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 02:25 - 2014-06-18 02:25 - 00000000 ____D () C:\Users\Shival\Desktop\MWBA
2014-06-18 02:02 - 2014-06-18 02:02 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\g23ky4ym.sys
2014-06-18 01:55 - 2014-06-18 13:10 - 00000000 ____D () C:\Qoobox
2014-06-18 01:54 - 2014-06-18 13:08 - 00000000 ____D () C:\Windows\erdnt
2014-06-17 23:22 - 2014-06-18 08:06 - 00000000 ____D () C:\Users\Shival\Desktop\ratuj
2014-06-17 19:53 - 2014-06-17 19:53 - 00000960 _____ () C:\Users\Shival\Desktop\JRT.txt
2014-06-17 19:27 - 2014-06-17 19:27 - 01016261 _____ (Thisisu) C:\Users\Shival\Desktop\JRT.exe
2014-06-17 19:27 - 2014-06-17 19:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 18:10 - 2014-06-17 18:10 - 00000076 _____ () C:\Users\Shival\Desktop\TrochemIP.txt
2014-06-17 17:19 - 2014-06-17 17:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 17:16 - 2014-06-17 23:36 - 00013614 _____ () C:\Users\Shival\Desktop\Rkill.txt
2014-06-17 14:28 - 2014-06-17 14:28 - 04707328 _____ () C:\Users\Shival\Desktop\RogueKiller.exe
2014-06-17 14:25 - 2014-06-17 14:27 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Shival\Desktop\mbam-setup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00380416 _____ () C:\Users\Shival\Desktop\c7vwpfvt.exe
2014-06-17 14:14 - 2014-06-18 15:45 - 00000000 ____D () C:\AdwCleaner
2014-06-17 14:14 - 2014-06-17 14:14 - 01333465 _____ () C:\Users\Shival\Desktop\AdwCleaner.exe
2014-06-17 14:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-17 14:01 - 2014-06-17 14:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shival\Desktop\tdsskiller.exe
2014-06-17 13:32 - 2014-06-17 13:42 - 150975192 _____ () C:\Users\Shival\Desktop\5mx13cs0.exe
2014-06-16 18:05 - 2014-06-16 18:51 - 00000000 ____D () C:\Users\Shival\Desktop\PIXECT-20140616175706
2014-06-16 16:08 - 2014-06-17 15:26 - 00013713 _____ () C:\Users\Shival\Desktop\listdowar.txt
2014-06-10 15:57 - 2014-06-10 15:57 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Wireshark
2014-06-10 15:56 - 2014-06-10 15:56 - 00000635 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-06-10 15:56 - 2014-06-10 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-10 15:56 - 2014-06-10 15:56 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-10 15:52 - 2014-06-10 15:55 - 28001672 _____ (Wireshark development team) C:\Users\Shival\Desktop\Wireshark-win64-1.10.7.exe
2014-06-09 11:40 - 2014-06-09 11:40 - 00000000 ____D () C:\Windows\pss
2014-06-08 22:26 - 2014-06-09 03:25 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Blink
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\ProgramData\Apple
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files (x86)\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-08 22:25 - 2014-06-08 22:25 - 00001803 _____ () C:\Users\Public\Desktop\Blink.lnk
2014-06-08 22:25 - 2014-06-08 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blink
2014-06-08 22:25 - 2014-06-08 22:25 - 00000000 ____D () C:\Program Files (x86)\Blink
2014-06-08 22:23 - 2014-06-08 22:25 - 22686166 _____ (AG Projects ) C:\Users\Shival\Desktop\Blink-Installer.exe
2014-06-08 22:12 - 2014-06-08 22:13 - 00000014 _____ () C:\Users\Shival\Desktop\bleeplord.txt
2014-06-08 22:10 - 2014-06-08 22:10 - 00000000 _____ () C:\Users\Shival\Desktop\why.txt
2014-06-08 22:05 - 2014-06-08 22:05 - 00001831 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jitsi.lnk
2014-06-08 22:05 - 2014-06-08 22:05 - 00001819 _____ () C:\Users\Public\Desktop\Jitsi.lnk
2014-06-08 22:05 - 2014-06-08 22:05 - 00000000 ____D () C:\Program Files (x86)\Jitsi
2014-06-08 21:18 - 2014-06-08 21:18 - 00000000 _____ () C:\Users\Shival\Desktop\diediediedie.txt
2014-06-08 21:16 - 2014-06-08 21:19 - 43169528 _____ (jitsi.org) C:\Users\Shival\Desktop\jitsi-2.4-latest-x86.exe
2014-06-08 14:07 - 2014-06-08 14:09 - 30992256 _____ () C:\Users\Shival\Desktop\TomTomHOME2winlatest.exe
2014-06-08 12:45 - 2014-06-08 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-06-08 12:44 - 2014-06-08 12:52 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-06-08 12:44 - 2014-06-08 12:44 - 06715624 _____ (TomTom International B.V.) C:\Users\Shival\Desktop\InstallMyDriveConnect.exe
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2014-06-01 03:43 - 2014-06-01 03:53 - 00003561 _____ () C:\Users\Shival\Desktop\list.txt
2014-05-31 16:54 - 2014-05-31 16:54 - 00000000 _____ () C:\Users\Shival\Desktop\transformice.txt
2014-05-31 16:28 - 2014-05-31 16:28 - 00000000 _____ () C:\Users\Shival\Desktop\KOTCOSIĘSTAŁO.txt
2014-05-29 00:02 - 2014-05-29 00:04 - 11304038 _____ ( ) C:\Users\Shival\Desktop\K-Lite_Codec_Pack_1050_Basic.exe
2014-05-27 21:46 - 2014-05-27 21:46 - 00000051 _____ () C:\Users\Shival\Desktop\fitmap.txt
2014-05-27 16:43 - 2014-05-27 16:43 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\IVONA 2 Voice
2014-05-27 15:53 - 2014-05-31 22:38 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\IVONA Reader
2014-05-27 15:53 - 2014-05-27 15:53 - 00000796 _____ () C:\Users\Public\Desktop\IVONA Reader.lnk
2014-05-27 15:53 - 2014-05-27 15:53 - 00000000 ___RD () C:\Users\Shival\Documents\IVONA Reader Podcasts
2014-05-27 15:51 - 2014-05-27 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA
2014-05-27 15:51 - 2014-05-27 15:51 - 00000000 ____D () C:\Users\Shival\Nowy folder
2014-05-27 15:49 - 2014-05-27 15:49 - 00000000 ____D () C:\Users\Shival\Desktop\IVONA.2.Voice.Jacek.1.6.3
2014-05-27 01:39 - 2014-05-27 01:56 - 00025165 _____ () C:\Users\Shival\Desktop\NieWierzęWNicJuż.odt
2014-05-27 01:39 - 2014-05-27 01:52 - 00017100 _____ () C:\Users\Shival\Desktop\AnotherBrickInThewall.odt
2014-05-27 01:39 - 2014-05-27 01:48 - 00017873 _____ () C:\Users\Shival\Desktop\Imagine.odt
2014-05-27 01:39 - 2014-05-27 01:42 - 00013128 _____ () C:\Users\Shival\Desktop\Noł Fjuczer.odt
2014-05-25 13:57 - 2014-05-25 13:57 - 00359755 _____ () C:\Users\Shival\Desktop\Elliot Rodger, Santa Barbara mass shooting suspect, 'My Twisted World' manifesto.htm
2014-05-25 13:57 - 2014-05-25 13:57 - 00000000 ____D () C:\Users\Shival\Desktop\Elliot Rodger, Santa Barbara mass shooting suspect, 'My Twisted World' manifesto_pliki
2014-05-24 15:59 - 2014-05-24 16:06 - 93056872 _____ () C:\Users\Shival\Desktop\Elliot Rodgers Retribution (HD).mp4
2014-05-23 00:32 - 2014-05-23 00:32 - 00000000 ____D () C:\Users\Shival\Desktop\V- The Musical
2014-05-22 20:32 - 2014-05-22 20:32 - 00000000 ____D () C:\Users\Shival\Desktop\sss
2014-05-22 20:22 - 2014-05-22 20:22 - 06839766 _____ () C:\Users\Shival\Desktop\sss.rar
2014-05-20 11:36 - 2014-05-20 11:44 - 00000145 _____ () C:\Users\Shival\Desktop\Znajomi.txt
2014-05-20 00:24 - 2014-06-10 23:21 - 00002809 ____H () C:\Windows\SysWOW64\BTImages.dat

==================== One Month Modified Files and Folders =======

2014-06-18 16:01 - 2014-06-18 15:59 - 00009767 _____ () C:\Users\Shival\Desktop\FRST.txt
2014-06-18 15:59 - 2014-06-18 15:59 - 00000000 ____D () C:\FRST
2014-06-18 15:56 - 2014-06-18 15:56 - 02081280 _____ (Farbar) C:\Users\Shival\Desktop\FRST64.exe
2014-06-18 15:50 - 2013-07-20 20:53 - 01148189 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 15:47 - 2014-03-12 19:49 - 00047841 _____ () C:\Windows\setupact.log
2014-06-18 15:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 15:46 - 2014-03-12 19:49 - 00603912 _____ () C:\Windows\PFRO.log
2014-06-18 15:46 - 2013-07-20 23:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-18 15:45 - 2014-06-17 14:14 - 00000000 ____D () C:\AdwCleaner
2014-06-18 15:15 - 2014-06-18 15:16 - 00011041 _____ () C:\Users\Shival\Desktop\dds.txt
2014-06-18 15:15 - 2014-06-18 15:16 - 00004101 _____ () C:\Users\Shival\Desktop\attach.txt
2014-06-18 14:55 - 2014-06-18 14:54 - 00000000 ____D () C:\Users\Shival\Desktop\LogsForPros
2014-06-18 13:50 - 2014-06-18 13:50 - 00688992 ____R (Swearware) C:\Users\Shival\Desktop\dds.com
2014-06-18 13:29 - 2013-07-21 13:47 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-06-18 13:10 - 2014-06-18 13:10 - 00013871 _____ () C:\ComboFix.txt
2014-06-18 13:10 - 2014-06-18 01:55 - 00000000 ____D () C:\Qoobox
2014-06-18 13:08 - 2014-06-18 01:54 - 00000000 ____D () C:\Windows\erdnt
2014-06-18 13:08 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-18 13:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-18 13:04 - 2009-07-14 04:34 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-18 13:04 - 2009-07-14 04:34 - 15990784 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-18 13:04 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-18 13:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-18 13:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-18 08:06 - 2014-06-17 23:22 - 00000000 ____D () C:\Users\Shival\Desktop\ratuj
2014-06-18 02:35 - 2014-06-18 02:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-18 02:26 - 2014-06-18 02:26 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 02:26 - 2014-06-18 02:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 02:25 - 2014-06-18 02:25 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 02:25 - 2014-06-18 02:25 - 00000000 ____D () C:\Users\Shival\Desktop\MWBA
2014-06-18 02:02 - 2014-06-18 02:02 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\g23ky4ym.sys
2014-06-17 23:36 - 2014-06-17 17:16 - 00013614 _____ () C:\Users\Shival\Desktop\Rkill.txt
2014-06-17 19:53 - 2014-06-17 19:53 - 00000960 _____ () C:\Users\Shival\Desktop\JRT.txt
2014-06-17 19:27 - 2014-06-17 19:27 - 01016261 _____ (Thisisu) C:\Users\Shival\Desktop\JRT.exe
2014-06-17 19:27 - 2014-06-17 19:27 - 00000000 ____D () C:\Windows\ERUNT
2014-06-17 18:10 - 2014-06-17 18:10 - 00000076 _____ () C:\Users\Shival\Desktop\TrochemIP.txt
2014-06-17 17:19 - 2014-06-17 17:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-17 17:11 - 2013-07-24 00:55 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Skype
2014-06-17 17:08 - 2013-08-30 21:01 - 00000000 ____D () C:\CamersoftOutput
2014-06-17 15:26 - 2014-06-16 16:08 - 00013713 _____ () C:\Users\Shival\Desktop\listdowar.txt
2014-06-17 14:28 - 2014-06-17 14:28 - 04707328 _____ () C:\Users\Shival\Desktop\RogueKiller.exe
2014-06-17 14:27 - 2014-06-17 14:25 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Shival\Desktop\mbam-setup.exe
2014-06-17 14:22 - 2014-06-17 14:22 - 00380416 _____ () C:\Users\Shival\Desktop\c7vwpfvt.exe
2014-06-17 14:14 - 2014-06-17 14:14 - 01333465 _____ () C:\Users\Shival\Desktop\AdwCleaner.exe
2014-06-17 14:01 - 2014-06-17 14:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shival\Desktop\tdsskiller.exe
2014-06-17 13:42 - 2014-06-17 13:32 - 150975192 _____ () C:\Users\Shival\Desktop\5mx13cs0.exe
2014-06-17 09:19 - 2014-03-12 19:51 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Jitsi
2014-06-16 18:51 - 2014-06-16 18:05 - 00000000 ____D () C:\Users\Shival\Desktop\PIXECT-20140616175706
2014-06-15 00:16 - 2014-01-24 21:45 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\foobar2000
2014-06-10 23:21 - 2014-05-20 00:24 - 00002809 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-06-10 15:57 - 2014-06-10 15:57 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Wireshark
2014-06-10 15:56 - 2014-06-10 15:56 - 00000635 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-06-10 15:56 - 2014-06-10 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-10 15:56 - 2014-06-10 15:56 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-10 15:55 - 2014-06-10 15:52 - 28001672 _____ (Wireshark development team) C:\Users\Shival\Desktop\Wireshark-win64-1.10.7.exe
2014-06-09 19:49 - 2014-03-30 00:08 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001UA.job
2014-06-09 19:49 - 2014-03-30 00:07 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001Core.job
2014-06-09 11:41 - 2014-03-30 00:08 - 00003922 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001UA
2014-06-09 11:41 - 2014-03-30 00:07 - 00003554 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-240938871-1741651982-3117460768-1001Core
2014-06-09 11:40 - 2014-06-09 11:40 - 00000000 ____D () C:\Windows\pss
2014-06-09 03:25 - 2014-06-08 22:26 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\Blink
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\ProgramData\Apple
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files (x86)\Bonjour SDK
2014-06-08 22:26 - 2014-06-08 22:26 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-08 22:25 - 2014-06-08 22:25 - 00001803 _____ () C:\Users\Public\Desktop\Blink.lnk
2014-06-08 22:25 - 2014-06-08 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blink
2014-06-08 22:25 - 2014-06-08 22:25 - 00000000 ____D () C:\Program Files (x86)\Blink
2014-06-08 22:25 - 2014-06-08 22:23 - 22686166 _____ (AG Projects ) C:\Users\Shival\Desktop\Blink-Installer.exe
2014-06-08 22:21 - 2014-05-01 23:44 - 00000000 ____D () C:\Users\Shival\.dbus-keyrings
2014-06-08 22:13 - 2014-06-08 22:12 - 00000014 _____ () C:\Users\Shival\Desktop\bleeplord.txt
2014-06-08 22:10 - 2014-06-08 22:10 - 00000000 _____ () C:\Users\Shival\Desktop\why.txt
2014-06-08 22:05 - 2014-06-08 22:05 - 00001831 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jitsi.lnk
2014-06-08 22:05 - 2014-06-08 22:05 - 00001819 _____ () C:\Users\Public\Desktop\Jitsi.lnk
2014-06-08 22:05 - 2014-06-08 22:05 - 00000000 ____D () C:\Program Files (x86)\Jitsi
2014-06-08 21:19 - 2014-06-08 21:16 - 43169528 _____ (jitsi.org) C:\Users\Shival\Desktop\jitsi-2.4-latest-x86.exe
2014-06-08 21:18 - 2014-06-08 21:18 - 00000000 _____ () C:\Users\Shival\Desktop\diediediedie.txt
2014-06-08 14:21 - 2014-06-08 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-06-08 14:09 - 2014-06-08 14:07 - 30992256 _____ () C:\Users\Shival\Desktop\TomTomHOME2winlatest.exe
2014-06-08 12:52 - 2014-06-08 12:44 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V
2014-06-08 12:46 - 2009-07-14 19:55 - 00740422 _____ () C:\Windows\system32\perfh015.dat
2014-06-08 12:46 - 2009-07-14 19:55 - 00155996 _____ () C:\Windows\system32\perfc015.dat
2014-06-08 12:46 - 2009-07-14 07:13 - 01670518 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 12:44 - 2014-06-08 12:44 - 06715624 _____ (TomTom International B.V.) C:\Users\Shival\Desktop\InstallMyDriveConnect.exe
2014-06-08 12:44 - 2014-06-08 12:44 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2014-06-04 22:51 - 2014-03-31 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-04 22:51 - 2013-07-24 00:54 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 21:27 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-01 03:53 - 2014-06-01 03:43 - 00003561 _____ () C:\Users\Shival\Desktop\list.txt
2014-05-31 22:38 - 2014-05-27 15:53 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\IVONA Reader
2014-05-31 16:54 - 2014-05-31 16:54 - 00000000 _____ () C:\Users\Shival\Desktop\transformice.txt
2014-05-31 16:28 - 2014-05-31 16:28 - 00000000 _____ () C:\Users\Shival\Desktop\KOTCOSIĘSTAŁO.txt
2014-05-30 17:37 - 2014-04-19 15:19 - 00000000 ____D () C:\Users\Shival\Desktop\Posejdon Zeus Faraon Kleopatra PL DW-Kadele-13-06-2013
2014-05-29 00:04 - 2014-05-29 00:02 - 11304038 _____ ( ) C:\Users\Shival\Desktop\K-Lite_Codec_Pack_1050_Basic.exe
2014-05-27 21:46 - 2014-05-27 21:46 - 00000051 _____ () C:\Users\Shival\Desktop\fitmap.txt
2014-05-27 16:43 - 2014-05-27 16:43 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\IVONA 2 Voice
2014-05-27 15:53 - 2014-05-27 15:53 - 00000796 _____ () C:\Users\Public\Desktop\IVONA Reader.lnk
2014-05-27 15:53 - 2014-05-27 15:53 - 00000000 ___RD () C:\Users\Shival\Documents\IVONA Reader Podcasts
2014-05-27 15:53 - 2014-05-27 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA
2014-05-27 15:51 - 2014-05-27 15:51 - 00000000 ____D () C:\Users\Shival\Nowy folder
2014-05-27 15:51 - 2013-07-20 20:58 - 00000000 ____D () C:\Users\Shival
2014-05-27 15:49 - 2014-05-27 15:49 - 00000000 ____D () C:\Users\Shival\Desktop\IVONA.2.Voice.Jacek.1.6.3
2014-05-27 15:08 - 2014-04-30 22:41 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-27 15:08 - 2014-01-30 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-05-27 15:08 - 2013-07-21 01:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 01:56 - 2014-05-27 01:39 - 00025165 _____ () C:\Users\Shival\Desktop\NieWierzęWNicJuż.odt
2014-05-27 01:52 - 2014-05-27 01:39 - 00017100 _____ () C:\Users\Shival\Desktop\AnotherBrickInThewall.odt
2014-05-27 01:49 - 2014-03-14 15:23 - 00000000 ____D () C:\Users\Shival\Desktop\maturkla
2014-05-27 01:48 - 2014-05-27 01:39 - 00017873 _____ () C:\Users\Shival\Desktop\Imagine.odt
2014-05-27 01:42 - 2014-05-27 01:39 - 00013128 _____ () C:\Users\Shival\Desktop\Noł Fjuczer.odt
2014-05-26 01:25 - 2013-11-22 18:34 - 00000000 ____D () C:\Users\Shival\AppData\Roaming\deluge
2014-05-25 13:57 - 2014-05-25 13:57 - 00359755 _____ () C:\Users\Shival\Desktop\Elliot Rodger, Santa Barbara mass shooting suspect, 'My Twisted World' manifesto.htm
2014-05-25 13:57 - 2014-05-25 13:57 - 00000000 ____D () C:\Users\Shival\Desktop\Elliot Rodger, Santa Barbara mass shooting suspect, 'My Twisted World' manifesto_pliki
2014-05-25 00:59 - 2009-07-14 06:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 00:59 - 2009-07-14 06:45 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 16:06 - 2014-05-24 15:59 - 93056872 _____ () C:\Users\Shival\Desktop\Elliot Rodgers Retribution (HD).mp4
2014-05-23 00:32 - 2014-05-23 00:32 - 00000000 ____D () C:\Users\Shival\Desktop\V- The Musical
2014-05-22 20:32 - 2014-05-22 20:32 - 00000000 ____D () C:\Users\Shival\Desktop\sss
2014-05-22 20:22 - 2014-05-22 20:22 - 06839766 _____ () C:\Users\Shival\Desktop\sss.rar
2014-05-20 11:44 - 2014-05-20 11:36 - 00000145 _____ () C:\Users\Shival\Desktop\Znajomi.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 17:50

==================== End Of Log ============================

Current GMER Log


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-18 16:34:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502HI rev.1AG01113 465,76GB
Running: c7vwpfvt.exe; Driver: D:\TEMP\pgddqpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                              fffff88004d97d8c 12 bytes {MOV RAX, 0xfffffa8004ba12a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                     0000000077361380 10 bytes {MOV EAX, 0x334ca; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                       0000000077361550 10 bytes {MOV EAX, 0x334f6; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000077361650 10 bytes {MOV EAX, 0x3331f; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                           0000000077361700 10 bytes {MOV EAX, 0x33406; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                            0000000077361750 10 bytes {MOV EAX, 0x33522; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                             0000000077361790 10 bytes {MOV EAX, 0x3336b; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000077361d30 10 bytes {MOV EAX, 0x333b7; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                      0000000077362130 10 bytes {MOV EAX, 0x3356e; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                         00000000773625c0 10 bytes {MOV EAX, 0x33452; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         00000000773627e0 10 bytes {MOV EAX, 0x3349e; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                     00000000773629a0 10 bytes {MOV EAX, 0x335c6; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime                            00000000773629c0 10 bytes {MOV EAX, 0x3359a; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 1              000000007750fc81 3 bytes [BC, 3A, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5              000000007750fc85 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 1              000000007750fe15 3 bytes [65, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 5              000000007750fe19 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread + 1                  000000007750ff25 3 bytes [F8, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread + 5                  000000007750ff29 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 1                   000000007750ffa5 3 bytes [ED, 3A, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                   000000007750ffa9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 1                    0000000077510005 3 bytes [96, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 5                    0000000077510009 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 1                  00000000775108a5 3 bytes [C7, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 5                  00000000775108a9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 1             0000000077510ed9 3 bytes [1E, 3B, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 5             0000000077510edd 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx + 1                00000000775115d5 3 bytes [29, 3A, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx + 5                00000000775115d9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 1                0000000077511921 3 bytes [5A, 3A, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 5                0000000077511925 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 1            0000000077511be5 3 bytes [80, 3B, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 5            0000000077511be9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 1                   0000000077511c15 3 bytes [4F, 3B, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemTime + 5                   0000000077511c19 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!GetClassNameW + 466                  0000000075726cd6 3 bytes [B1, 3B, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!GetClassNameW + 470                  0000000075726cda 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!GetPropW + 94                        0000000075727227 3 bytes [13, 3C, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!GetPropW + 98                        000000007572722b 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!RemovePropW + 237                    0000000075728e4f 3 bytes [44, 3C, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!RemovePropW + 241                    0000000075728e53 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!BeginPaint + 59                      0000000075730ef5 3 bytes [E2, 3B, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!BeginPaint + 63                      0000000075730ef9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput + 1                        000000007575195f 3 bytes [75, 3C, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput + 5                        0000000075751963 2 bytes {JMP RAX}

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                 [fffff8800107df1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                        [fffff8800107dcc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                       [fffff8800107e69c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                       [fffff8800107ea98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                [fffff8800107e8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdePort0                                                                             fffffa80039ae2c0
Device  \Driver\atapi \Device\Ide\IdePort1                                                                             fffffa80039ae2c0
Device  \Driver\atapi \Device\Ide\IdePort2                                                                             fffffa80039ae2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                    fffffa80039ae2c0
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                    fffffa80039ae2c0
Device  \Driver\atapi \Device\Ide\IdePort3                                                                             fffffa80039ae2c0
Device  \FileSystem\Ntfs \Ntfs                                                                                         fffffa8003a612c0
Device  \FileSystem\fastfat \Fat                                                                                       fffffa80065ae2c0
Device  \Driver\usbehci \Device\USBPDO-5                                                                               fffffa80051762c0
Device  \Driver\usbohci \Device\USBFDO-3                                                                               fffffa80051692c0
Device  \Driver\usbohci \Device\USBPDO-1                                                                               fffffa80051692c0
Device  \Driver\cdrom \Device\CdRom0                                                                                   fffffa8004adf2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{6AD0942D-8F04-4849-A51B-C9E025E4D85B}                                       fffffa8004cc22c0
Device  \Driver\usbohci \Device\USBPDO-6                                                                               fffffa80051692c0
Device  \Driver\usbohci \Device\USBFDO-4                                                                               fffffa80051692c0
Device  \Driver\usbohci \Device\USBFDO-0                                                                               fffffa80051692c0
Device  \Driver\usbehci \Device\USBPDO-2                                                                               fffffa80051762c0
Device  \Driver\usbehci \Device\USBFDO-5                                                                               fffffa80051762c0
Device  \Driver\usbohci \Device\USBPDO-3                                                                               fffffa80051692c0
Device  \Driver\usbohci \Device\USBFDO-1                                                                               fffffa80051692c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{290A358D-5216-448C-9EA0-74BE55DE05F4}                                       fffffa8004cc22c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                        fffffa8004cc22c0
Device  \Driver\usbohci \Device\USBFDO-6                                                                               fffffa80051692c0
Device  \Driver\usbohci \Device\USBPDO-4                                                                               fffffa80051692c0
Device  \Driver\usbehci \Device\USBFDO-2                                                                               fffffa80051762c0
Device  \Driver\atapi \Device\ScsiPort0                                                                                fffffa80039ae2c0
Device  \Driver\usbohci \Device\USBPDO-0                                                                               fffffa80051692c0
Device  \Driver\atapi \Device\ScsiPort1                                                                                fffffa80039ae2c0
Device  \Driver\atapi \Device\ScsiPort2                                                                                fffffa80039ae2c0
Device  \Driver\atapi \Device\ScsiPort3                                                                                fffffa80039ae2c0

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ae2c0]<< sptd.sys ataport.SYS pciide.sys   fffffa80039ae2c0
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004984060]                                                fffffa8004984060
Trace   3 CLASSPNP.SYS[fffff880022ec43f] -> nt!IofCallDriver -> [0xfffffa8003aee520]                                   fffffa8003aee520
Trace   5 ACPI.sys[fffff88000f047a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003aeb680]          fffffa8003aeb680
Trace   \Driver\atapi[0xfffffa8003ae95e0] -> IRP_MJ_CREATE -> 0xfffffa80039ae2c0                                       fffffa80039ae2c0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                              ???k????????????USB?????????????s????????????????????t??so??volsnap.inf:MSFT.NTamd64:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot?86)??Audio_Device?????????k????N??????s?????Dol???????????????????????????????????n??????????????????USBPRINT\HPDeskjet_F4200_seri4FDB?HPDeskjet_F4200_seri4FDB??????{5662cae7-56bb-599b-a887-4df3f4c46d5b}??????{4d36e979-e325-11ce-bfc1-08002be10318}??????????????????????????USB??o????????????????????????????????????????????.????????????e????6.1.7601.17514?rog??usbccgp?D??????????p????????????????\??\USB#VID_03F0&PID_2504#CN8CF4Z07F05BR#{a5dcbf10-6530-11d2-901f-00c04fb951ed}?????????????????????????????????????0000.0013.0002.005.000.000.000.000.000??????Deskjet F4200 series????????????????????????????????????????????????????????????????????HP DeskJet F4200 (DOT4USB)??????@usbprint.inf,%usbprint.devicedesc%;Uniwersalna drukarka USB????????????????????????????????????????????????6.1.7600.16385???????????????e???e??6-21-2006???usb.inf:Generic.Section.NTamd64:Composite.D
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                            C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                            0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                            0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)           
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0

---- EOF - GMER 2.1 ----

Wow, that's a lot of scrolling. Thanks for going through this :)



Edited by shival, 18 June 2014 - 12:10 PM.
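The "code sections" part of the GMER log above is the piece worth reading closely, and the following is an added example (not GMER's code and not part of this post) of how to reduce it to something reviewable. It parses the `.text` lines, merges the split WOW64 entries (GMER reports those as a 3-byte patch at +1 plus a 2-byte `{JMP RAX}` at +5, which is best read as one hook that keeps the stub's leading `mov eax` opcode, replaces its immediate with the trampoline address and turns the next bytes into the jump), groups the hooks per process and reports which functions are hooked in every process. The sample input is a subset of the lines from the log above. A hook set that is identical across unrelated processes (the audio service and GMER's own scanner here) and covers NtCreateThreadEx, NtWriteVirtualMemory, NtQueueApcThread, NtSetContextThread and SendInput is the footprint of a DLL injected system-wide; host intrusion prevention and anti-exploit products install exactly that, and this thread later establishes that ZoneAlarm is running, so the next step is to identify the module the trampolines land in rather than to treat the hooks as malicious on their own.

```python
"""Reduce GMER's "code sections" hook listing to a per-process summary.

Added example: not GMER's code and not part of the forum post. It parses
the '.text' lines GMER prints, merges the split WOW64 entries (a 3-byte
patch at +1 and a 2-byte {JMP RAX} at +5 are one hook on one function),
and reports which functions are hooked in every listed process.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Sample input: a subset of the lines from the GMER log in the thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                 fffff88004d97d8c 12 bytes {MOV RAX, 0xfffffa8004ba12a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory          0000000077361650 10 bytes {MOV EAX, 0x3331f; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Windows\system32\AUDIODG.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx              0000000077361d30 10 bytes {MOV EAX, 0x333b7; MOVSXD RAX, EAX; JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 1  000000007750fe15 3 bytes [65, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory + 5  000000007750fe19 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 1      00000000775108a5 3 bytes [C7, 39, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 5      00000000775108a9 2 bytes {JMP RAX}
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput + 1            000000007575195f 3 bytes [75, 3C, 19]
.text   C:\Users\Shival\Desktop\c7vwpfvt.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput + 5            0000000075751963 2 bytes {JMP RAX}
"""

# User-mode line: ".text <image>[pid] <module>!<export>[ + off] <addr> <n> bytes <patch>"
HOOK_USER = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<mod>\S+)!(?P<fn>\w+)"
    r"(?:\s*\+\s*(?P<off>\d+))?\s+(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+) bytes\s+(?P<patch>.*)$")
# Kernel line: same shape without the "<image>[pid]" column.
HOOK_KERNEL = re.compile(
    r"^\.text\s+(?P<mod>\S+)!(?P<fn>\w+)\s+(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+) bytes\s+(?P<patch>.*)$")


@dataclass
class Hook:
    process: str                 # "<image path>[pid]", or "kernel" for driver hooks
    module: str                  # module that exports the hooked function
    function: str
    offsets: list = field(default_factory=list)   # patched offsets inside the function
    patched_bytes: int = 0                        # total bytes GMER saw overwritten
    patches: list = field(default_factory=list)   # what GMER printed for each fragment


def parse_hooks(text):
    """One Hook per (process, module, function); split fragments are merged."""
    merged = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_USER.match(line)
        if m:
            proc = m.group("proc")
        else:
            m = HOOK_KERNEL.match(line)
            if not m:
                continue           # section headers, blank lines, other sections
            proc = "kernel"
        off = int(m.group("off")) if "off" in m.groupdict() and m.group("off") else 0
        key = (proc, m.group("mod").lower(), m.group("fn"))
        hook = merged.setdefault(key, Hook(proc, m.group("mod"), m.group("fn")))
        hook.offsets.append(off)
        hook.patched_bytes += int(m.group("n"))
        hook.patches.append(m.group("patch").strip())
    for hook in merged.values():
        hook.offsets.sort()
    return list(merged.values())


def summarize(hooks):
    """Process -> sorted 'module!function' list (module reduced to its file name)."""
    out = defaultdict(list)
    for h in hooks:
        out[h.process].append(h.module.rsplit("\\", 1)[-1] + "!" + h.function)
    return {proc: sorted(names) for proc, names in out.items()}


def common_hooks(hooks):
    """Functions hooked in every user-mode process GMER listed: an identical set
    across unrelated processes is the footprint of a DLL injected system-wide."""
    per_proc = defaultdict(set)
    for h in hooks:
        if h.process != "kernel":
            per_proc[h.process].add(h.function)
    return set.intersection(*per_proc.values()) if per_proc else set()


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for proc, names in summarize(hooks).items():
        print(f"{proc}: {len(names)} hooked exports")
        for name in names:
            print("   ", name)
    print("hooked in every process:", sorted(common_hooks(hooks)))
```

Run it over the whole "User code sections" block to get the per-process table, then find which loaded module owns the addresses in the `MOV EAX` immediates (a debugger attached to one of the hooked processes, or any process inspector that lists module ranges, answers that). The kernel entry (USBPORT.SYS!DllUnload patched with `MOV RAX ...; JMP RAX`) and the IAT entries pointing into sptd.sys are a separate question; for sptd.sys the log's own Registry section shows its configuration key under the DAEMON Tools Lite path, which is what a practitioner checks first before calling a kernel hook hostile.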



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 22 June 2014 - 08:59 AM

¤¤¤ Malicious processes : 1 ¤¤¤
[Suspicious.Path] etu2iasg.exe -- D:\TEMP\7DAD633C-13E6175D-279D8F98-9775DFB1\etu2iasg.exe[7] -> TERMINATED [TermProc]


Unless you know what this is, run the RogueKiller tool and delete it.

===

Do you know what this is?
Are you sure that this is safe?
S3 g23ky4ym; C:\Windows\SysWOW64\drivers\g23ky4ym.sys [35904 2014-06-18] (VirusBlokAda Ltd.)
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\searchplugins\duckduckgo-next.xml
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

end

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

In a few words, what is the issue (or issues) with this computer?

#3 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 22 June 2014 - 11:56 AM

Thanks for the reply!

Unless you know what this is, run the RogueKiller tool and delete it.

I have no idea what it is, but it appears that it was deleted last time. Deleted the folder manually anyway.

Do you know what this is?
Are you sure that this is safe?
S3 g23ky4ym; C:\Windows\SysWOW64\drivers\g23ky4ym.sys [35904 2014-06-18] (VirusBlokAda Ltd.)

I think it's from VBA32arkit, which I downloaded from your site.

 

 

The tool will create a log (Fixlog.txt) please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by Shival at 2014-06-22 18:38:16 Run:1
Running from C:\Users\Shival\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\searchplugins\duckduckgo-next.xml
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin' => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Shival\AppData\Roaming\Mozilla\Firefox\Profiles\qke6ul0o.default\searchplugins\duckduckgo-next.xml => Moved successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.

==== End of Fixlog ====

 

 

In a few words, what is the issue (or issues) with this computer?

trojan.pws.panda.5661 in vsmon.exe every reboot

imho unnatural activity in wireshark

paranormal activity with some programs (for example, I needed to reinstall my video player + codecs before for no reason)

50/50 chances it &&#%!@# all my SIP communicators, which stopped working (or it's the ISP, you never can trust them)

Or I'm just a paranoid bastard, and that's very possible too. :bananas:

 

https://mega.co.nz/#!0lEhkRzA!mcTsK0mgGlGh6V4Z8dyuZhNmMb9iG859wyb37fGG-Hw - Wireshark pcapng file, if you wondered


Edited by shival, 22 June 2014 - 12:09 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 22 June 2014 - 12:37 PM

vsmon.exe is from ZoneAlarm. It should be good.

Let's check your boot process.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    TDSSKillerSuspicious-1.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
    TDSSKillerMal-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
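What "checking the boot process" involves on the partition-table side, as an added example that is not part of this post, of TDSSKiller or of aswMBR: both tools print the MBR partition entries, and the sectors that no partition claims are where a bootkit keeps what it hides from the file system (the TDSS/TDL4 family writes an MBR loader and keeps its hidden store in the unallocated sectors at the end of the disk). The script below parses the Drive and Partition lines in TDSSKiller's log format, taking as its sample input the entries that appear later in this thread's TDSSKiller log, reports every unallocated range and any overlap, and emits the dd commands to copy those ranges out for inspection. The device name in those commands is a placeholder, and the check itself is generic to any MBR table.

```python
"""Find the sectors an MBR partition table leaves unallocated.

Added example, not part of the forum post, of TDSSKiller or of aswMBR. It
parses the Drive / Partition lines in TDSSKiller's log format and reports
every sector range no partition claims (plus any overlap), since that is
where a bootkit keeps what it hides from the file system.
"""
import re

# Sample input: the Drive and Partition lines from this thread's TDSSKiller log.
SAMPLE_LOG = r"""
19:41:13.0172 0x10c4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xCF0156, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
19:41:13.0179 0x10c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:41:13.0179 0x10c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A98000
19:41:13.0205 0x10c4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3ACAEC0, BlocksNum 0x17318720
19:41:13.0223 0x10c4  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1ADE38C2, BlocksNum 0x1F5A25F4
"""

DRIVE_RE = re.compile(r"Drive \S+ - Size: (?P<size>0x[0-9A-Fa-f]+).*?SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(r"\\Partition(?P<n>\d+): MBR, Type (?P<type>0x[0-9A-Fa-f]+), "
                     r"StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<len>0x[0-9A-Fa-f]+)")


def parse_layout(text):
    """Return (total_sectors, sector_size, partitions); each partition is an
    (index, type, start_lba, length_in_sectors) tuple, sorted by start."""
    total = sector_size = None
    parts = []
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            sector_size = int(m.group("ss"), 16)
            total = int(m.group("size"), 16) // sector_size
            continue
        m = PART_RE.search(line)
        if m:
            parts.append((int(m.group("n")), int(m.group("type"), 16),
                          int(m.group("start"), 16), int(m.group("len"), 16)))
    if total is None:
        raise ValueError("no Drive line with Size/SectorSize found")
    parts.sort(key=lambda p: p[2])
    return total, sector_size, parts


def unallocated(total, parts):
    """(start, length) of every sector range no partition claims, in disk order.
    Sector 0 (the MBR itself) always falls in the first range."""
    gaps, cursor = [], 0
    for _, _, start, length in parts:
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + length)
    if cursor < total:
        gaps.append((cursor, total - cursor))
    return gaps


def overlaps(parts):
    """Pairs of partition indices whose ranges intersect; empty on a sane table."""
    hits = []
    for i, (ia, _, sa, la) in enumerate(parts):
        for ib, _, sb, lb in parts[i + 1:]:
            if sa < sb + lb and sb < sa + la:
                hits.append((ia, ib))
    return hits


def dump_commands(gaps, sector_size, device="/dev/sdX"):
    """dd commands that copy each unallocated range out for offline inspection.
    The device name is a placeholder (assumption): use the disk as seen from
    the rescue system you image from, not from the suspect OS itself."""
    return [f"dd if={device} of=unalloc_{start}.bin bs={sector_size} skip={start} count={length}"
            for start, length in gaps]


if __name__ == "__main__":
    total, sector_size, parts = parse_layout(SAMPLE_LOG)
    print(f"disk: {total} sectors of {sector_size} bytes, {len(parts)} partitions")
    gaps = unallocated(total, parts)
    for start, length in gaps:
        print(f"unallocated: sectors {start}..{start + length - 1} ({length * sector_size} bytes)")
    print("overlaps:", overlaps(parts) or "none")
    for cmd in dump_commands(gaps, sector_size):
        print(cmd)
```

On the disk in this thread the script reports four ranges: the 2048 sectors in front of Partition1 (sector 0 is the MBR, which TDSSKiller and aswMBR read directly), two small alignment gaps between partitions 2/3 and 3/4, and 378 sectors after Partition4. Small gaps like these are normal; what matters is whether their content is zeros or something with structure, which is what the dumped files are for.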

#5 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 22 June 2014 - 01:13 PM

Ah, yes, of course, vsmon is from ZoneAlarm... I'm getting more and more afraid it's all just my paranoia /facepalm

 

 

19:41:07.0924 0x10c4  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
19:41:10.0301 0x10c4  ============================================================
19:41:10.0301 0x10c4  Current date / time: 2014/06/22 19:41:10.0301
19:41:10.0301 0x10c4  SystemInfo:
19:41:10.0301 0x10c4  
19:41:10.0301 0x10c4  OS Version: 6.1.7601 ServicePack: 1.0
19:41:10.0302 0x10c4  Product type: Workstation
19:41:10.0302 0x10c4  ComputerName: KOMPUTER
19:41:10.0302 0x10c4  UserName: Shival
19:41:10.0302 0x10c4  Windows directory: C:\Windows
19:41:10.0302 0x10c4  System windows directory: C:\Windows
19:41:10.0302 0x10c4  Running under WOW64
19:41:10.0302 0x10c4  Processor architecture: Intel x64
19:41:10.0302 0x10c4  Number of processors: 2
19:41:10.0302 0x10c4  Page size: 0x1000
19:41:10.0302 0x10c4  Boot type: Normal boot
19:41:10.0302 0x10c4  ============================================================
19:41:12.0199 0x10c4  KLMD registered as C:\Windows\system32\drivers\75095421.sys
19:41:12.0568 0x10c4  System UUID: {290F74B0-FADE-B61F-997C-436C033098AA}
19:41:13.0172 0x10c4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xCF0156, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
19:41:13.0178 0x10c4  ============================================================
19:41:13.0178 0x10c4  \Device\Harddisk0\DR0:
19:41:13.0179 0x10c4  MBR partitions:
19:41:13.0179 0x10c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:41:13.0179 0x10c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A98000
19:41:13.0205 0x10c4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3ACAEC0, BlocksNum 0x17318720
19:41:13.0223 0x10c4  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1ADE38C2, BlocksNum 0x1F5A25F4
19:41:13.0223 0x10c4  ============================================================
19:41:13.0251 0x10c4  C: <-> \Device\Harddisk0\DR0\Partition2
19:41:13.0278 0x10c4  D: <-> \Device\Harddisk0\DR0\Partition3
19:41:13.0301 0x10c4  E: <-> \Device\Harddisk0\DR0\Partition4
19:41:13.0301 0x10c4  ============================================================
19:41:13.0302 0x10c4  Initialize success
19:41:13.0302 0x10c4  ============================================================
19:41:51.0088 0x0f88  ============================================================
19:41:51.0088 0x0f88  Scan started
19:41:51.0088 0x0f88  Mode: Manual;
19:41:51.0088 0x0f88  ============================================================
19:41:51.0088 0x0f88  KSN ping started
19:41:53.0865 0x0f88  KSN ping finished: true
19:41:54.0858 0x0f88  ================ Scan system memory ========================
19:41:54.0858 0x0f88  System memory - ok
19:41:54.0859 0x0f88  ================ Scan services =============================
19:41:55.0091 0x0f88  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:41:55.0103 0x0f88  1394ohci - ok
19:41:55.0157 0x0f88  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:41:55.0163 0x0f88  ACPI - ok
19:41:55.0187 0x0f88  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:41:55.0189 0x0f88  AcpiPmi - ok
19:41:55.0333 0x0f88  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:41:55.0336 0x0f88  AdobeARMservice - ok
19:41:55.0395 0x0f88  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:41:55.0419 0x0f88  adp94xx - ok
19:41:55.0471 0x0f88  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:41:55.0488 0x0f88  adpahci - ok
19:41:55.0531 0x0f88  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:41:55.0541 0x0f88  adpu320 - ok
19:41:55.0570 0x0f88  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:41:55.0574 0x0f88  AeLookupSvc - ok
19:41:55.0622 0x0f88  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
19:41:55.0641 0x0f88  AFD - ok
19:41:55.0665 0x0f88  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:41:55.0669 0x0f88  agp440 - ok
19:41:55.0693 0x0f88  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:41:55.0696 0x0f88  ALG - ok
19:41:55.0723 0x0f88  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:41:55.0725 0x0f88  aliide - ok
19:41:55.0754 0x0f88  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:41:55.0757 0x0f88  amdide - ok
19:41:55.0775 0x0f88  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:41:55.0780 0x0f88  AmdK8 - ok
19:41:55.0796 0x0f88  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:41:55.0797 0x0f88  AmdPPM - ok
19:42:03.0961 0x0f88  MSTEE - ok
19:42:03.0974 0x0f88  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:42:03.0976 0x0f88  MTConfig - ok
19:42:04.0005 0x0f88  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
19:42:04.0007 0x0f88  MTsensor - ok
19:42:04.0020 0x0f88  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:42:04.0022 0x0f88  Mup - ok
19:42:04.0071 0x0f88  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:42:04.0082 0x0f88  napagent - ok
19:42:04.0122 0x0f88  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:42:04.0135 0x0f88  NativeWifiP - ok
19:42:04.0188 0x0f88  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:42:04.0207 0x0f88  NDIS - ok
19:42:04.0227 0x0f88  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:42:04.0230 0x0f88  NdisCap - ok
19:42:04.0263 0x0f88  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:42:04.0266 0x0f88  NdisTapi - ok
19:42:04.0291 0x0f88  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:42:04.0295 0x0f88  Ndisuio - ok
19:42:04.0324 0x0f88  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:42:04.0334 0x0f88  NdisWan - ok
19:42:04.0361 0x0f88  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:42:04.0368 0x0f88  NDProxy - ok
19:42:04.0384 0x0f88  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:42:04.0390 0x0f88  NetBIOS - ok
19:42:04.0422 0x0f88  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:42:04.0437 0x0f88  NetBT - ok
19:42:04.0454 0x0f88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
19:42:04.0455 0x0f88  Netlogon - ok
19:42:04.0494 0x0f88  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:42:04.0507 0x0f88  Netman - ok
19:42:04.0537 0x0f88  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:42:04.0542 0x0f88  NetMsmqActivator - ok
19:42:04.0564 0x0f88  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:42:04.0567 0x0f88  NetPipeActivator - ok
19:42:04.0598 0x0f88  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:42:04.0610 0x0f88  netprofm - ok
19:42:04.0621 0x0f88  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:42:04.0627 0x0f88  NetTcpActivator - ok
19:42:04.0637 0x0f88  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:42:04.0643 0x0f88  NetTcpPortSharing - ok
19:42:04.0669 0x0f88  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:42:04.0672 0x0f88  nfrd960 - ok
19:42:04.0714 0x0f88  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:42:04.0726 0x0f88  NlaSvc - ok
19:42:04.0764 0x0f88  [ 5FE6F8C05F0769BBB74AFAC11453B182, ACF6026EF8D038B73484AE59FBD03559E1263CE134473D7A8C3F97CF71BC640C ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
19:42:04.0766 0x0f88  nmwcd - ok
19:42:04.0791 0x0f88  [ 73C929945C0850B8D1FE2FEA05FDF05D, 665FBA777E5EF3F28828D19F2BBCCB778C1C6105BD830C1E29A1C4739663F0D3 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
19:42:04.0794 0x0f88  nmwcdc - ok
19:42:04.0839 0x0f88  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
19:42:04.0843 0x0f88  NPF - ok
19:42:04.0857 0x0f88  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:42:04.0863 0x0f88  Npfs - ok
19:42:04.0874 0x0f88  npggsvc - ok
19:42:04.0899 0x0f88  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:42:04.0904 0x0f88  nsi - ok
19:42:04.0917 0x0f88  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:42:04.0920 0x0f88  nsiproxy - ok
19:42:05.0029 0x0f88  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:42:05.0091 0x0f88  Ntfs - ok
19:42:05.0113 0x0f88  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:42:05.0115 0x0f88  Null - ok
19:42:05.0589 0x0f88  [ 757ACE4D4C9FF0571F86AA5D586B45E8, E7F23CC1DE26E2DAA690B78B05FC001EE0051F0ED9B9BCE9E7FA4E9684D4F3D4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:42:05.0898 0x0f88  nvlddmkm - ok
19:42:06.0075 0x0f88  [ 1C7C6D7481CABD4EF38A81F5B68F02E8, C4FBE81B8A3F280EEAC282D76626E849197EDEEC8C755B7B12E3594776390DE7 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
19:42:06.0105 0x0f88  NvNetworkService - ok
19:42:06.0148 0x0f88  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:42:06.0156 0x0f88  nvraid - ok
19:42:06.0180 0x0f88  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:42:06.0186 0x0f88  nvstor - ok
19:42:06.0778 0x0f88  [ 7A03646D5330A790A9D47D9F9C38758D, D22F100BBB94C45468ADD301CC96C15365FEAEC9FE820AA4E7AB1A7AF486E3B0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
19:42:07.0108 0x0f88  NvStreamSvc - ok
19:42:07.0220 0x0f88  [ 1C7CC708AC4A02A3BE8915539780534A, 0EBDE100880963BF1EC05002BA244CA7700693E958D1974CDD2AC3927D93224F ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:42:07.0239 0x0f88  nvsvc - ok
19:42:07.0280 0x0f88  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
19:42:07.0285 0x0f88  nvvad_WaveExtensible - ok
19:42:07.0319 0x0f88  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:42:07.0327 0x0f88  nv_agp - ok
19:42:07.0353 0x0f88  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:42:07.0359 0x0f88  ohci1394 - ok
19:42:07.0449 0x0f88  [ 8C02B0CC65BEE71124A565062BA77B39, C3B4965D62995195A776581BA0750FA72833F4E2E1F8F9DC683F562C13A9E20C ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
19:42:07.0450 0x0f88  OpenVPNAccessClient - ok
19:42:07.0531 0x0f88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:42:07.0579 0x0f88  p2pimsvc - ok
19:42:07.0641 0x0f88  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:42:07.0664 0x0f88  p2psvc - ok
19:42:07.0688 0x0f88  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:42:07.0692 0x0f88  Parport - ok
19:42:07.0718 0x0f88  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:42:07.0720 0x0f88  partmgr - ok
19:42:07.0739 0x0f88  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:42:07.0746 0x0f88  PcaSvc - ok
19:42:07.0774 0x0f88  [ 3FDE033DFB0D07F8B7D5C9A3044AA121, 2C23B4FA34BA3060884B0168A830DD395A3853855CD6DF4065FBB303DFB4A87E ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:42:07.0776 0x0f88  pccsmcfd - ok
19:42:07.0816 0x0f88  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:42:07.0824 0x0f88  pci - ok
19:42:07.0849 0x0f88  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:42:07.0851 0x0f88  pciide - ok
19:42:07.0876 0x0f88  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:42:07.0887 0x0f88  pcmcia - ok
19:42:07.0912 0x0f88  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:42:07.0913 0x0f88  pcw - ok
19:42:07.0948 0x0f88  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:42:07.0968 0x0f88  PEAUTH - ok
19:42:08.0046 0x0f88  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:42:08.0083 0x0f88  PeerDistSvc - ok
19:42:08.0196 0x0f88  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:42:08.0200 0x0f88  PerfHost - ok
19:42:08.0275 0x0f88  [ 27248CC4817EEE18A4EC70352C09BEA4, E260FD6972ED22E8A1577FFCD19D4F1AD18351EE816B94DEE6B05344B2986691 ] PGPdisk         C:\Windows\system32\drivers\PGPdisk.sys
19:42:08.0286 0x0f88  PGPdisk - ok
19:42:08.0307 0x0f88  [ B386A07070576F385E3B5D2DCB0FEACE, 4481C0E517F51E90A594D25623149E597CE3252128A1AAF32C6FA216392A2869 ] pgpfs           C:\Windows\system32\Drivers\PGPfsfd.sys
19:42:08.0311 0x0f88  pgpfs - ok
19:42:08.0358 0x0f88  [ 4D7CB79D47DA8DA126FB448D66EED2E5, 1C5AEDB65721C89EE565812A17B8DE837CB8EDB75EB0E4E06421FD0813931E43 ] PGPsdkDriver    C:\Windows\system32\Drivers\PGPsdk.sys
19:42:08.0361 0x0f88  PGPsdkDriver - ok
19:42:08.0407 0x0f88  [ A7E3F96EE9BD17ACFEC6A953F867E8C0, 28280E688031346790251809D4EC3EF8D1000FA871F9EB6687EC26C42AF672BE ] PGPwded         C:\Windows\system32\drivers\PGPwded.sys
19:42:08.0422 0x0f88  PGPwded - ok
19:42:08.0453 0x0f88  [ B443BDC217E76797E9E39838F5F46202, B81497133DE26628606949288E3C5DB7FB71D3C1277D88AA95F143FD2B9D712F ] Pgpwdefs        C:\Windows\system32\DRIVERS\Pgpwdefs.sys
19:42:08.0455 0x0f88  Pgpwdefs - ok
19:42:08.0538 0x0f88  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:42:08.0578 0x0f88  pla - ok
19:42:08.0623 0x0f88  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:42:08.0640 0x0f88  PlugPlay - ok
19:42:08.0672 0x0f88  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:42:08.0675 0x0f88  PNRPAutoReg - ok
19:42:08.0697 0x0f88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:42:08.0704 0x0f88  PNRPsvc - ok
19:42:08.0767 0x0f88  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:42:08.0783 0x0f88  PolicyAgent - ok
19:42:08.0825 0x0f88  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:42:08.0830 0x0f88  Power - ok
19:42:08.0869 0x0f88  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:42:08.0877 0x0f88  PptpMiniport - ok
19:42:08.0907 0x0f88  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:42:08.0912 0x0f88  Processor - ok
19:42:08.0936 0x0f88  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:42:08.0942 0x0f88  ProfSvc - ok
19:42:08.0954 0x0f88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:42:08.0956 0x0f88  ProtectedStorage - ok
19:42:09.0006 0x0f88  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:42:09.0009 0x0f88  Psched - ok
19:42:09.0073 0x0f88  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:42:09.0129 0x0f88  ql2300 - ok
19:42:09.0148 0x0f88  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:42:09.0153 0x0f88  ql40xx - ok
19:42:09.0188 0x0f88  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:42:09.0197 0x0f88  QWAVE - ok
19:42:09.0212 0x0f88  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:42:09.0215 0x0f88  QWAVEdrv - ok
19:42:09.0235 0x0f88  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:42:09.0237 0x0f88  RasAcd - ok
19:42:09.0255 0x0f88  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:42:09.0259 0x0f88  RasAgileVpn - ok
19:42:09.0286 0x0f88  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:42:09.0291 0x0f88  RasAuto - ok
19:42:09.0318 0x0f88  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:42:09.0324 0x0f88  Rasl2tp - ok
19:42:09.0353 0x0f88  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:42:09.0367 0x0f88  RasMan - ok
19:42:09.0387 0x0f88  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:42:09.0391 0x0f88  RasPppoe - ok
19:42:09.0432 0x0f88  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:42:09.0438 0x0f88  RasSstp - ok
19:42:09.0462 0x0f88  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:42:09.0472 0x0f88  rdbss - ok
19:42:09.0482 0x0f88  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:42:09.0485 0x0f88  rdpbus - ok
19:42:09.0510 0x0f88  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:42:09.0512 0x0f88  RDPCDD - ok
19:42:09.0551 0x0f88  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:42:09.0560 0x0f88  RDPDR - ok
19:42:09.0596 0x0f88  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:42:09.0600 0x0f88  RDPENCDD - ok
19:42:09.0622 0x0f88  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:42:09.0625 0x0f88  RDPREFMP - ok
19:42:09.0693 0x0f88  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:42:09.0696 0x0f88  RdpVideoMiniport - ok
19:42:09.0731 0x0f88  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:42:09.0742 0x0f88  RDPWD - ok
19:42:09.0781 0x0f88  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:42:09.0790 0x0f88  rdyboost - ok
19:42:09.0815 0x0f88  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:42:09.0820 0x0f88  RemoteAccess - ok
19:42:09.0846 0x0f88  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:42:09.0854 0x0f88  RemoteRegistry - ok
19:42:09.0973 0x0f88  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
19:42:09.0981 0x0f88  rpcapd - ok
19:42:10.0008 0x0f88  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:42:10.0016 0x0f88  RpcEptMapper - ok
19:42:10.0043 0x0f88  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:42:10.0047 0x0f88  RpcLocator - ok
19:42:10.0102 0x0f88  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:42:10.0123 0x0f88  RpcSs - ok
19:42:10.0174 0x0f88  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:42:10.0193 0x0f88  rspndr - ok
19:42:10.0249 0x0f88  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:42:10.0275 0x0f88  RTL8167 - ok
19:42:10.0298 0x0f88  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:42:10.0301 0x0f88  s3cap - ok
19:42:10.0337 0x0f88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
19:42:10.0340 0x0f88  SamSs - ok
19:42:10.0374 0x0f88  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:42:10.0381 0x0f88  sbp2port - ok
19:42:10.0409 0x0f88  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:42:10.0422 0x0f88  SCardSvr - ok
19:42:10.0454 0x0f88  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:42:10.0458 0x0f88  scfilter - ok
19:42:10.0518 0x0f88  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:42:10.0551 0x0f88  Schedule - ok
19:42:10.0580 0x0f88  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:42:10.0584 0x0f88  SCPolicySvc - ok
19:42:10.0604 0x0f88  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:42:10.0614 0x0f88  SDRSVC - ok
19:42:10.0639 0x0f88  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:42:10.0642 0x0f88  secdrv - ok
19:42:10.0662 0x0f88  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:42:10.0666 0x0f88  seclogon - ok
19:42:10.0692 0x0f88  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
19:42:10.0695 0x0f88  SENS - ok
19:42:10.0714 0x0f88  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:42:10.0718 0x0f88  SensrSvc - ok
19:42:10.0739 0x0f88  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:42:10.0742 0x0f88  Serenum - ok
19:42:10.0758 0x0f88  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:42:10.0763 0x0f88  Serial - ok
19:42:10.0791 0x0f88  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:42:10.0794 0x0f88  sermouse - ok
19:42:10.0892 0x0f88  [ C3BB6CF8F9EE199005A2AAE2815AD756, 7A817599C2F3AD819D643223AA714CCCB790EE5983096D8D9CD2D626D6924837 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:42:10.0917 0x0f88  ServiceLayer - ok
19:42:10.0961 0x0f88  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:42:10.0967 0x0f88  SessionEnv - ok
19:42:10.0994 0x0f88  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:42:10.0996 0x0f88  sffdisk - ok
19:42:11.0013 0x0f88  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:42:11.0016 0x0f88  sffp_mmc - ok
19:42:11.0020 0x0f88  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:42:11.0023 0x0f88  sffp_sd - ok
19:42:11.0035 0x0f88  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:42:11.0038 0x0f88  sfloppy - ok
19:42:11.0073 0x0f88  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:42:11.0086 0x0f88  SharedAccess - ok
19:42:11.0122 0x0f88  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:42:11.0135 0x0f88  ShellHWDetection - ok
19:42:11.0169 0x0f88  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:42:11.0172 0x0f88  SiSRaid2 - ok
19:42:11.0190 0x0f88  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:42:11.0193 0x0f88  SiSRaid4 - ok
19:42:11.0262 0x0f88  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:42:11.0270 0x0f88  SkypeUpdate - ok
19:42:11.0307 0x0f88  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:42:11.0314 0x0f88  Smb - ok
19:42:11.0362 0x0f88  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:42:11.0366 0x0f88  SNMPTRAP - ok
19:42:11.0455 0x0f88  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:42:11.0464 0x0f88  Sony PC Companion - ok
19:42:11.0484 0x0f88  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:42:11.0486 0x0f88  spldr - ok
19:42:11.0557 0x0f88  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:42:11.0573 0x0f88  Spooler - ok
19:42:11.0727 0x0f88  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:42:11.0825 0x0f88  sppsvc - ok
19:42:11.0850 0x0f88  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:42:11.0854 0x0f88  sppuinotify - ok
19:42:11.0912 0x0f88  [ D6AB7C13FCDD2E4CAC35244D2C172D9A, 64A66368F5336B7A5879D083C2FE57DFD384410ADCC18004F327A4004A4F4300 ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:42:11.0929 0x0f88  sptd - ok
19:42:11.0974 0x0f88  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:42:11.0990 0x0f88  srv - ok
19:42:12.0015 0x0f88  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:42:12.0030 0x0f88  srv2 - ok
19:42:12.0071 0x0f88  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:42:12.0077 0x0f88  srvnet - ok
19:42:12.0093 0x0f88  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:42:12.0103 0x0f88  SSDPSRV - ok
19:42:12.0129 0x0f88  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:42:12.0132 0x0f88  SstpSvc - ok
19:42:12.0208 0x0f88  [ CDA9313E34887A111B8309B55BCDCD82, AC070AA093B7013E4D1B29F4FAF9B469C3C261E4D3D1512B4F77CC609CBD1484 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:42:12.0224 0x0f88  Stereo Service - ok
19:42:12.0256 0x0f88  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:42:12.0260 0x0f88  stexstor - ok
19:42:12.0311 0x0f88  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:42:12.0331 0x0f88  stisvc - ok
19:42:12.0348 0x0f88  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:42:12.0351 0x0f88  storflt - ok
19:42:12.0371 0x0f88  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:42:12.0374 0x0f88  storvsc - ok
19:42:12.0391 0x0f88  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:42:12.0393 0x0f88  swenum - ok
19:42:12.0423 0x0f88  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:42:12.0438 0x0f88  swprv - ok
19:42:12.0508 0x0f88  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:42:12.0549 0x0f88  SysMain - ok
19:42:12.0582 0x0f88  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:42:12.0589 0x0f88  TabletInputService - ok
19:42:12.0651 0x0f88  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:42:12.0655 0x0f88  tap0901 - ok
19:42:12.0697 0x0f88  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:42:12.0717 0x0f88  TapiSrv - ok
19:42:12.0735 0x0f88  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
19:42:12.0739 0x0f88  tapoas - ok
19:42:12.0779 0x0f88  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:42:12.0782 0x0f88  TBS - ok
19:42:12.0897 0x0f88  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:42:12.0954 0x0f88  Tcpip - ok
19:42:13.0035 0x0f88  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:42:13.0080 0x0f88  TCPIP6 - ok
19:42:13.0108 0x0f88  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:42:13.0116 0x0f88  tcpipreg - ok
19:42:13.0138 0x0f88  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:42:13.0141 0x0f88  TDPIPE - ok
19:42:13.0164 0x0f88  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:42:13.0168 0x0f88  TDTCP - ok
19:42:13.0191 0x0f88  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:42:13.0207 0x0f88  tdx - ok
19:42:13.0231 0x0f88  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:42:13.0239 0x0f88  TermDD - ok
19:42:13.0298 0x0f88  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
19:42:13.0332 0x0f88  TermService - ok
19:42:13.0365 0x0f88  [ 90AB92FF31BE3B792AC4B27B9E70C072, F9EFCBF39B4C26D865A327DE491E33B6578605B439B59063840F06CD026CF80D ] Themes          C:\Windows\system32\themeservice.dll
19:42:13.0379 0x0f88  Themes - ok
19:42:13.0399 0x0f88  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:42:13.0404 0x0f88  THREADORDER - ok
19:42:13.0539 0x0f88  [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService D:\tomtom\TomTom HOME 2\TomTomHOMEService.exe
19:42:13.0545 0x0f88  TomTomHOMEService - ok
19:42:13.0587 0x0f88  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:42:13.0596 0x0f88  TrkWks - ok
19:42:13.0657 0x0f88  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:42:13.0668 0x0f88  TrustedInstaller - ok
19:42:13.0705 0x0f88  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:42:13.0709 0x0f88  tssecsrv - ok
19:42:13.0756 0x0f88  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:42:13.0761 0x0f88  TsUsbFlt - ok
19:42:13.0799 0x0f88  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:42:13.0823 0x0f88  tunnel - ok
19:42:13.0855 0x0f88  [ A070ABB9D85582B2BECADBE6FCD12350, 3EBFA349F87933E20C4EADA2FA2E64206CCAC70DFB8B52C2E41670FFB16D7336 ] t_mouse.sys     C:\Windows\system32\DRIVERS\t_mouse.sys
19:42:13.0865 0x0f88  t_mouse.sys - ok
19:42:13.0900 0x0f88  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:42:13.0905 0x0f88  uagp35 - ok
19:42:13.0936 0x0f88  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:42:13.0953 0x0f88  udfs - ok
19:42:13.0982 0x0f88  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:42:13.0987 0x0f88  UI0Detect - ok
19:42:14.0009 0x0f88  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:42:14.0014 0x0f88  uliagpkx - ok
19:42:14.0042 0x0f88  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:42:14.0054 0x0f88  umbus - ok
19:42:14.0071 0x0f88  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:42:14.0074 0x0f88  UmPass - ok
19:42:14.0120 0x0f88  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:42:14.0134 0x0f88  UmRdpService - ok
19:42:14.0159 0x0f88  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:42:14.0186 0x0f88  upnphost - ok
19:42:14.0228 0x0f88  [ 34AFB83C7BBA370E404E52CC2290350C, 1B3F9DF6C0DA8166FE02D4B2B8E3D5A432FE84A248516D0F5DA9E42076095AB8 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:42:14.0230 0x0f88  upperdev - ok
19:42:14.0276 0x0f88  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:42:14.0298 0x0f88  usbaudio - ok
19:42:14.0329 0x0f88  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:42:14.0351 0x0f88  usbccgp - ok
19:42:14.0381 0x0f88  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:42:14.0385 0x0f88  usbcir - ok
19:42:14.0413 0x0f88  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:42:14.0425 0x0f88  usbehci - ok
19:42:14.0446 0x0f88  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:42:14.0479 0x0f88  usbhub - ok
19:42:14.0500 0x0f88  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:42:14.0506 0x0f88  usbohci - ok
19:42:14.0523 0x0f88  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:42:14.0525 0x0f88  usbprint - ok
19:42:14.0564 0x0f88  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
19:42:14.0568 0x0f88  usbscan - ok
19:42:14.0583 0x0f88  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:42:14.0587 0x0f88  usbser - ok
19:42:14.0599 0x0f88  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA, D7A3069913CF8A7F281AC2D7C1FA58FA31A05D7E35E93D7588F4B3B18B3377FD ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:42:14.0601 0x0f88  UsbserFilt - ok
19:42:14.0641 0x0f88  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:42:14.0645 0x0f88  USBSTOR - ok
19:42:14.0652 0x0f88  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:42:14.0654 0x0f88  usbuhci - ok
19:42:14.0679 0x0f88  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:42:14.0698 0x0f88  usbvideo - ok
19:42:14.0740 0x0f88  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
19:42:14.0744 0x0f88  usb_rndisx - ok
19:42:14.0788 0x0f88  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:42:14.0794 0x0f88  UxSms - ok
19:42:14.0816 0x0f88  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
19:42:14.0819 0x0f88  VaultSvc - ok
19:42:14.0838 0x0f88  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:42:14.0840 0x0f88  vdrvroot - ok
19:42:14.0895 0x0f88  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:42:14.0923 0x0f88  vds - ok
19:42:14.0936 0x0f88  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:42:14.0939 0x0f88  vga - ok
19:42:14.0974 0x0f88  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:42:14.0980 0x0f88  VgaSave - ok
19:42:15.0037 0x0f88  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:42:15.0049 0x0f88  vhdmp - ok
19:42:15.0164 0x0f88  [ 8F69C38A8BA725F891F26AAC8888696E, 1D5F86E7642F14A3A339AEEBB8A7D76671D9F19DEBDE25069B4252D9ACE5912F ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:42:15.0252 0x0f88  VIAHdAudAddService - ok
19:42:15.0277 0x0f88  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:42:15.0279 0x0f88  viaide - ok
19:42:15.0307 0x0f88  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:42:15.0315 0x0f88  vmbus - ok
19:42:15.0329 0x0f88  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:42:15.0332 0x0f88  VMBusHID - ok
19:42:15.0346 0x0f88  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:42:15.0348 0x0f88  volmgr - ok
19:42:15.0376 0x0f88  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:42:15.0383 0x0f88  volmgrx - ok
19:42:15.0401 0x0f88  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:42:15.0408 0x0f88  volsnap - ok
19:42:15.0476 0x0f88  [ D122E5576F7CA9903F6576C7F09FA62D, 1A706C24BBAD6A322CBECF9F82231234F1D11CA0398C49EB7743B6932A25AB29 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
19:42:15.0496 0x0f88  Vsdatant - ok
19:42:15.0693 0x0f88  [ 6EC82ABF455C24FAA09117402F44D88B, A4B94DDCB7212933C0896C97FFDEFBD78B1E2AAA33FD6F507128223C11F1FEE0 ] vsmon           C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
19:42:15.0776 0x0f88  vsmon - ok
19:42:15.0833 0x0f88  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:42:15.0843 0x0f88  vsmraid - ok
19:42:15.0940 0x0f88  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:42:15.0983 0x0f88  VSS - ok
19:42:15.0995 0x0f88  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:42:15.0998 0x0f88  vwifibus - ok
19:42:16.0041 0x0f88  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:42:16.0062 0x0f88  W32Time - ok
19:42:16.0078 0x0f88  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:42:16.0081 0x0f88  WacomPen - ok
19:42:16.0115 0x0f88  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:42:16.0119 0x0f88  WANARP - ok
19:42:16.0125 0x0f88  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:42:16.0127 0x0f88  Wanarpv6 - ok
19:42:16.0191 0x0f88  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:42:16.0240 0x0f88  WatAdminSvc - ok
19:42:16.0320 0x0f88  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:42:16.0362 0x0f88  wbengine - ok
19:42:16.0392 0x0f88  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:42:16.0400 0x0f88  WbioSrvc - ok
19:42:16.0436 0x0f88  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:42:16.0448 0x0f88  wcncsvc - ok
19:42:16.0468 0x0f88  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:42:16.0472 0x0f88  WcsPlugInService - ok
19:42:16.0493 0x0f88  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:42:16.0496 0x0f88  Wd - ok
19:42:16.0539 0x0f88  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:42:16.0555 0x0f88  Wdf01000 - ok
19:42:16.0581 0x0f88  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:42:16.0586 0x0f88  WdiServiceHost - ok
19:42:16.0593 0x0f88  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:42:16.0597 0x0f88  WdiSystemHost - ok
19:42:16.0633 0x0f88  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:42:16.0648 0x0f88  WebClient - ok
19:42:16.0678 0x0f88  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:42:16.0693 0x0f88  Wecsvc - ok
19:42:16.0713 0x0f88  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:42:16.0719 0x0f88  wercplsupport - ok
19:42:16.0741 0x0f88  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:42:16.0746 0x0f88  WerSvc - ok
19:42:16.0771 0x0f88  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:42:16.0774 0x0f88  WfpLwf - ok
19:42:16.0797 0x0f88  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:42:16.0799 0x0f88  WIMMount - ok
19:42:16.0821 0x0f88  WinDefend - ok
19:42:16.0847 0x0f88  WinHttpAutoProxySvc - ok
19:42:16.0923 0x0f88  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:42:16.0938 0x0f88  Winmgmt - ok
19:42:17.0059 0x0f88  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:42:17.0144 0x0f88  WinRM - ok
19:42:17.0197 0x0f88  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:42:17.0201 0x0f88  WinUsb - ok
19:42:17.0266 0x0f88  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:42:17.0298 0x0f88  Wlansvc - ok
19:42:17.0326 0x0f88  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:42:17.0330 0x0f88  WmiAcpi - ok
19:42:17.0363 0x0f88  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:42:17.0372 0x0f88  wmiApSrv - ok
19:42:17.0399 0x0f88  WMPNetworkSvc - ok
19:42:17.0429 0x0f88  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:42:17.0433 0x0f88  WPCSvc - ok
19:42:17.0456 0x0f88  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:42:17.0466 0x0f88  WPDBusEnum - ok
19:42:17.0492 0x0f88  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:42:17.0495 0x0f88  ws2ifsl - ok
19:42:17.0509 0x0f88  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:42:17.0513 0x0f88  wscsvc - ok
19:42:17.0519 0x0f88  WSearch - ok
19:42:17.0646 0x0f88  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:42:17.0715 0x0f88  wuauserv - ok
19:42:17.0755 0x0f88  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:42:17.0761 0x0f88  WudfPf - ok
19:42:17.0795 0x0f88  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:42:17.0806 0x0f88  WUDFRd - ok
19:42:17.0834 0x0f88  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:42:17.0841 0x0f88  wudfsvc - ok
19:42:17.0877 0x0f88  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:42:17.0891 0x0f88  WwanSvc - ok
19:42:17.0950 0x0f88  [ 44C7B5504CC17733BF7E824307C7E1C7, E00854C6961CC30A5F1DE5E14A37A705B2BA1D86411370C639C5E5309AB3DB24 ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
19:42:17.0955 0x0f88  ZAPrivacyService - ok
19:42:17.0983 0x0f88  ================ Scan global ===============================
19:42:18.0011 0x0f88  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:42:18.0056 0x0f88  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:42:18.0082 0x0f88  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:42:18.0116 0x0f88  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:42:18.0150 0x0f88  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:42:18.0158 0x0f88  [ Global ] - ok
19:42:18.0159 0x0f88  ================ Scan MBR ==================================
19:42:18.0172 0x0f88  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:42:18.0584 0x0f88  \Device\Harddisk0\DR0 - ok
19:42:18.0584 0x0f88  ================ Scan VBR ==================================
19:42:18.0589 0x0f88  [ 6BC40A7917AA79081E2F6DCD15383AD4 ] \Device\Harddisk0\DR0\Partition1
19:42:18.0591 0x0f88  \Device\Harddisk0\DR0\Partition1 - ok
19:42:18.0597 0x0f88  [ 7433ECB1CE1D3F6ECB545B2B1B2BE60F ] \Device\Harddisk0\DR0\Partition2
19:42:18.0623 0x0f88  \Device\Harddisk0\DR0\Partition2 - ok
19:42:18.0626 0x0f88  [ D0EBED7FCFAFB9FB0C4798AE7F916B96 ] \Device\Harddisk0\DR0\Partition3
19:42:18.0678 0x0f88  \Device\Harddisk0\DR0\Partition3 - ok
19:42:18.0698 0x0f88  [ 8CAA4657D32F319E19D74A1527AC8F40 ] \Device\Harddisk0\DR0\Partition4
19:42:18.0735 0x0f88  \Device\Harddisk0\DR0\Partition4 - ok
19:42:18.0735 0x0f88  ================ Scan generic autorun ======================
19:42:18.0841 0x0f88  [ 18A60DCA97EAC258ED4AC781374DC093, B7902F83F07512B19C06BAB834E32A4FABF2C4D5F875963AE41A5603E28E7FD0 ] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
19:42:18.0866 0x0f88  Nvtmru - ok
19:42:18.0943 0x0f88  [ E0F0A448FA045E85FF059D451B6C204B, 3DB78A435AE1A802044F0752E989315ACF1CE6264B6548541E976E587101D193 ] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
19:42:18.0945 0x0f88  MagicTuneEngine - ok
19:42:19.0070 0x0f88  [ 05C5CBE5C0C26EFF48AF60639F30F4F5, 29B20E80D0251B488CFAC1576FF9350BB79BDB33667BC5F38DF8B0FB4C7FB17C ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:42:19.0118 0x0f88  NvBackend - ok
19:42:19.0157 0x0f88  [ DB367E8C8F46C26A05BA982715CC0DB5, 63AE8DD8E41260123E8C98905BD3D444BED86AEA6353F690483E5CB116433AC2 ] C:\Windows\system32\TiltWheelMouse.exe
19:42:19.0168 0x0f88  MouseDriver - ok
19:42:19.0297 0x0f88  [ 87BF5BD7D8D441EE18BE699B37FA3FBF, F28D17443987F7942DA6F7FEB7FC4491C31C9D52FB0B849D7637445BEEC07884 ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
19:42:19.0353 0x0f88  HDAudDeck - ok
19:42:19.0388 0x0f88  [ 3EDFF682DC8F13851E725CE2F636453E, 7FFC5F11336CB0354D2CEA44C1FC47E67FA4D4D105583F252432EF257CD2A50F ] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
19:42:19.0394 0x0f88  ZoneAlarm - ok
19:42:19.0460 0x0f88  VSee - ok
19:42:19.0466 0x0f88  Waiting for KSN requests completion. In queue: 299
19:42:20.0466 0x0f88  Waiting for KSN requests completion. In queue: 299
19:42:21.0466 0x0f88  Waiting for KSN requests completion. In queue: 299
19:42:22.0466 0x0f88  Waiting for KSN requests completion. In queue: 299
19:42:23.0529 0x0f88  AV detected via SS2: ZoneAlarm Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.1.211.0 ), 0x41000 ( enabled : updated )
19:42:23.0532 0x0f88  FW detected via SS2: ZoneAlarm Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.1.211.0 ), 0x41010 ( enabled )
19:42:26.0327 0x0f88  ============================================================
19:42:26.0327 0x0f88  Scan finished
19:42:26.0327 0x0f88  ============================================================
19:42:26.0342 0x0fc8  Detected object count: 0
19:42:26.0342 0x0fc8  Actual detected object count: 0

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-22 19:46:23
-----------------------------
19:46:23.927    OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:23.927    Number of processors: 2 586 0x203
19:46:23.927    ComputerName: KOMPUTER  UserName: Shival
19:46:24.316    Initialize success
19:46:24.359    VM: initialized successfully
19:46:24.363    VM: Amd CPU supported
19:46:27.753    VM: disk I/O atapi.sys
19:55:14.637    AVAST engine defs: 14062200
19:55:37.179    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:55:37.195    Disk 0 Vendor: SAMSUNG_HD502HI 1AG01113 Size: 476940MB BusType: 3
19:55:37.195    Disk 0 MBR read successfully
19:55:37.210    Disk 0 MBR scan
19:55:37.210    Disk 0 Windows 7 default MBR code
19:55:37.226    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:55:37.226    Disk 0 default boot code
19:55:37.242    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30000 MB offset 206848
19:55:37.242    Disk 0 Partition - 00     0F Extended LBA            446838 MB offset 61648564
19:55:37.257    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       190000 MB offset 61648576
19:55:37.257    Disk 0 Partition - 00     05     Extended            256836 MB offset 450771126
19:55:37.288    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       256836 MB offset 450771138
19:55:37.320    Disk 0 scanning C:\Windows\system32\drivers
19:55:47.460    Service scanning
19:56:09.003    Modules scanning
19:56:09.019    Disk 0 trace - called modules:
19:56:09.034    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039af2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:56:09.050    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004964350]
19:56:09.050    3 CLASSPNP.SYS[fffff88001bcf43f] -> nt!IofCallDriver -> [0xfffffa800441e520]
19:56:09.050    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ae9680]
19:56:09.066    \Driver\atapi[0xfffffa8003ae7d90] -> IRP_MJ_CREATE -> 0xfffffa80039af2c0
19:56:09.268    AVAST engine scan C:\Windows
19:56:11.359    AVAST engine scan C:\Windows\system32
19:59:26.469    AVAST engine scan C:\Windows\system32\drivers
19:59:38.388    AVAST engine scan C:\Users\Shival
20:04:08.439    AVAST engine scan C:\ProgramData
20:04:59.888    Scan finished successfully
20:05:22.852    Disk 0 MBR has been saved successfully to "C:\Users\Shival\Desktop\ratuj\MBR.dat"
20:05:22.852    The log file has been saved successfully to "C:\Users\Shival\Desktop\ratuj\aswMBR.txt"
 

 

 

I will be out for a few hours, see you later.

edit: Kay, I'm bah

Attached Files

  • MBR.zip (567 bytes)

Edited by shival, 22 June 2014 - 07:31 PM.


#6 nasdaq

  • Malware Response Team
  • 38,249 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2014 - 07:21 AM

Exactly what I was looking for.

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report "Infection fixed successfully" or "MBR fixed successfully".
Do not reboot the machine until it has said so.

When you see the message restart the computer normally.

Run aswMBR.exe normally this time and post the log.

Please let me know what problem persists.

#7 shival

  • Topic Starter
  • Members
  • 38 posts

Posted 23 June 2014 - 08:43 AM

"fix" button is inactive, click "fixMBR" first?



#8 nasdaq

  • Malware Response Team
  • 38,249 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2014 - 10:39 AM

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.
===

Run the aswMBR.exe tool normally one more time and post a fresh log.
No need to attach the zip file.

===

To be executed when all is well.
HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
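The reason the CD emulators have to be disabled before aswMBR is run again is visible in the two aswMBR logs in this thread. The first "Disk 0 trace - called modules" line contains a `>>UNKNOWN [0xfffffa80039af2c0]<<` entry in front of `sptd.sys` (the SCSI Pass Through Direct driver installed by CD/DVD emulation software), and the `\Driver\atapi ... IRP_MJ_CREATE -> 0xfffffa80039af2c0` line shows the ATAPI driver's dispatch pointing at that same unidentified address. A rootkit that filters disk reads looks exactly like this to the tool, so the emulation driver must be taken out of the picture before the MBR result can be trusted. The second log, taken after DeFogger, shows the plain chain. The following script is an added example written for this page; it is not part of aswMBR, DeFogger or any post in the thread. The trace and IRP lines are copied from the logs above; the baseline module list and the verdict rules are assumptions of the example.

```python
"""Flag hooks in an aswMBR "called modules" trace and tie them to IRP dispatch entries.

Added example for this thread; not part of aswMBR, DeFogger or the forum posts.
The trace lines and the IRP line are copied from the logs posted in the thread;
the baseline module list and the verdict rules are assumptions of this example.
"""
import re

# Constructed input, copied from the thread: the trace before the CD-emulation
# driver was disabled (note the >>UNKNOWN<< entry in front of sptd.sys) ...
TRACE_BEFORE = ("19:56:09.034    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys "
                ">>UNKNOWN [0xfffffa80039af2c0]<<sptd.sys ataport.SYS pciide.sys "
                "PCIIDEX.SYS hal.dll atapi.sys")
# ... the IRP dispatch line from the same log ...
IRP_LINES_BEFORE = [
    r"19:56:09.066    \Driver\atapi[0xfffffa8003ae7d90] -> IRP_MJ_CREATE -> 0xfffffa80039af2c0",
]
# ... and the trace after DeFogger had disabled the emulation drivers.
TRACE_AFTER = ("18:17:56.057    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys "
               "ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys")

# Assumed baseline: the modules aswMBR listed in the clean trace for this
# Windows 7 x64 machine with an IDE/ATAPI boot disk. Anything else is reported.
BASELINE = {"ntoskrnl.exe", "CLASSPNP.SYS", "disk.sys", "ACPI.sys", "ataport.SYS",
            "pciide.sys", "PCIIDEX.SYS", "hal.dll", "atapi.sys"}

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+")
HOOK_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<(\S+)")
IRP_RE = re.compile(r"(\\Driver\\\S+?)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def parse_trace(line):
    """Split a 'called modules' line into its module list and any UNKNOWN hooks.

    Each hook is reported with the unidentified code address aswMBR printed and
    the module that follows it in the call chain.
    """
    body = TS_RE.sub("", line, count=1).strip()
    hooks = [{"address": m.group(1), "next_module": m.group(2)}
             for m in HOOK_RE.finditer(body)]
    # Drop the hook markers so the remaining tokens are plain module names.
    modules = HOOK_RE.sub(r" \2 ", body).split()
    return modules, hooks


def assess_trace(line, baseline=BASELINE):
    """Return a verdict for one trace line: hooks found and modules outside the baseline."""
    modules, hooks = parse_trace(line)
    unexpected = [m for m in modules if m not in baseline]
    return {
        "modules": modules,
        "hooks": hooks,
        "unexpected_modules": unexpected,
        "clean": not hooks and not unexpected,
    }


def correlate_irp(hooks, irp_lines):
    """Match IRP dispatch targets against the hook addresses from the trace.

    A dispatch entry whose target equals an UNKNOWN address shows which
    driver's I/O path was redirected into the unidentified code.
    """
    hooked = {h["address"].lower() for h in hooks}
    matches = []
    for line in irp_lines:
        m = IRP_RE.search(line)
        if m and m.group(4).lower() in hooked:
            matches.append({"driver": m.group(1), "irp": m.group(3), "target": m.group(4)})
    return matches


if __name__ == "__main__":
    for label, line in (("before DeFogger", TRACE_BEFORE), ("after DeFogger", TRACE_AFTER)):
        verdict = assess_trace(line)
        print(f"{label}: clean={verdict['clean']} hooks={verdict['hooks']} "
              f"unexpected={verdict['unexpected_modules']}")
    print("IRP entries pointing at hook code:",
          correlate_irp(assess_trace(TRACE_BEFORE)["hooks"], IRP_LINES_BEFORE))
```

Run against the first log the script reports one hook at `0xfffffa80039af2c0`, `sptd.sys` as the only module outside the baseline, and the `\Driver\atapi` `IRP_MJ_CREATE` entry as the dispatch that lands in that code; against the second log it reports a clean chain. The baseline is specific to this machine: on a system with AHCI or RAID storage the clean chain contains different drivers, so it should be taken from a known-good trace of the same machine rather than copied from here.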

#9 shival

  • Topic Starter
  • Members
  • 38 posts

Posted 23 June 2014 - 11:28 AM

I beg your pardon.

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-23 18:14:53
-----------------------------
18:14:53.562    OS Version: Windows x64 6.1.7601 Service Pack 1
18:14:53.562    Number of processors: 2 586 0x203
18:14:53.563    ComputerName: KOMPUTER  UserName: Shival
18:14:54.080    Initialize success
18:14:54.080    VM: initialized successfully
18:14:54.090    VM: Amd CPU supported
18:14:55.392    VM: supported disk I/O ataport.SYS
18:15:36.350    AVAST engine defs: 14062200
18:17:18.956    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:17:18.963    Disk 0 Vendor: SAMSUNG_HD502HI 1AG01113 Size: 476940MB BusType: 3
18:17:19.145    Disk 0 MBR read successfully
18:17:19.148    Disk 0 MBR scan
18:17:19.153    Disk 0 Windows 7 default MBR code
18:17:19.164    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:17:19.179    Disk 0 default boot code
18:17:19.208    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30000 MB offset 206848
18:17:19.214    Disk 0 Partition - 00     0F Extended LBA            446838 MB offset 61648564
18:17:19.235    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       190000 MB offset 61648576
18:17:19.243    Disk 0 Partition - 00     05     Extended            256836 MB offset 450771126
18:17:19.268    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       256836 MB offset 450771138
18:17:19.380    Disk 0 scanning C:\Windows\system32\drivers
18:17:31.943    Service scanning
18:17:56.039    Modules scanning
18:17:56.040    Disk 0 trace - called modules:
18:17:56.057    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:17:56.057    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004946060]
18:17:56.058    3 CLASSPNP.SYS[fffff880020ab43f] -> nt!IofCallDriver -> [0xfffffa8003acd580]
18:17:56.058    5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ace060]
18:17:56.468    AVAST engine scan C:\Windows
18:17:59.458    AVAST engine scan C:\Windows\system32
18:21:02.931    AVAST engine scan C:\Windows\system32\drivers
18:21:14.956    AVAST engine scan C:\Users\Shival
18:23:34.877    Disk 0 MBR has been saved successfully to "C:\Users\Shival\Desktop\ratuj\MBR.dat"
18:23:34.901    The log file has been saved successfully to "C:\Users\Shival\Desktop\ratuj\aswMBR.txt"

This time it's clean. Welp, false alarm?


Edited by shival, 23 June 2014 - 11:29 AM.
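The aswMBR log posted above prints the disk size, whether the MBR and boot code match the Windows default, and one line per partition-table entry. The following Python script is an added example, not part of the thread or of the aswMBR tool: it parses those lines and runs the checks a responder would do by eye (exactly one active partition, no overlapping entries, nothing past the end of the disk, no large unpartitioned gaps where a bootkit could stash data). The 512-byte sector size and the MB-to-sector conversion are assumptions that match the printed values (100 MB at offset 2048 is followed by an entry at offset 206848); because aswMBR rounds sizes to whole MB, the overlap and gap checks carry a tolerance so rounding noise is not reported.

```python
"""Sanity-check the partition table reported in an aswMBR log (added example)."""
import re
from dataclasses import dataclass

SECTOR_BYTES = 512                                   # assumption: 512-byte sectors
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES       # 2048

# Constructed input: the partition-table portion of the log quoted in the thread.
SAMPLE_LOG = """\
18:17:18.963    Disk 0 Vendor: SAMSUNG_HD502HI 1AG01113 Size: 476940MB BusType: 3
18:17:19.145    Disk 0 MBR read successfully
18:17:19.153    Disk 0 Windows 7 default MBR code
18:17:19.164    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:17:19.179    Disk 0 default boot code
18:17:19.208    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30000 MB offset 206848
18:17:19.214    Disk 0 Partition - 00     0F Extended LBA            446838 MB offset 61648564
18:17:19.235    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       190000 MB offset 61648576
18:17:19.243    Disk 0 Partition - 00     05     Extended            256836 MB offset 450771126
18:17:19.268    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       256836 MB offset 450771138
"""

PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+|-) (?P<boot>[0-9A-Fa-f]{2})\s*(\(A\))?\s*"
    r"(?P<type>[0-9A-Fa-f]{2})\s+(?P<desc>.+?)\s+(?P<mb>\d+) MB offset (?P<off>\d+)"
)
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")


@dataclass
class Partition:
    number: str        # "1".."4" for primary/logical entries, "-" for extended containers
    bootable: bool     # boot indicator 0x80 ("80 (A)" in the log)
    type_id: int       # partition type byte
    description: str
    start: int         # first sector (the "offset" column)
    sectors: int       # length in sectors, derived from the rounded MB figure

    @property
    def end(self) -> int:            # first sector after the partition
        return self.start + self.sectors

    @property
    def is_container(self) -> bool:  # 0x05 / 0x0F extended containers hold logical partitions
        return self.type_id in (0x05, 0x0F)


def parse_log(text: str):
    """Return (disk size in sectors, [Partition], mbr_is_default, boot_code_is_default)."""
    size, parts, mbr_default, boot_default = None, [], False, False
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            size = int(m["mb"]) * SECTORS_PER_MB
        elif m := PART_RE.search(line):
            parts.append(Partition(
                number=m["num"],
                bootable=m["boot"].upper() == "80",
                type_id=int(m["type"], 16),
                description=m["desc"].strip(),
                start=int(m["off"]),
                sectors=int(m["mb"]) * SECTORS_PER_MB,
            ))
        elif "default MBR code" in line:
            mbr_default = True
        elif "default boot code" in line:
            boot_default = True
    return size, parts, mbr_default, boot_default


def check_layout(disk_sectors, parts, tolerance=SECTORS_PER_MB):
    """Return a list of finding strings; an empty list means the table looks sane.
    `tolerance` absorbs the MB rounding in the log so near-misses are not reported."""
    findings = []
    active = [p.number for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    data = sorted((p for p in parts if not p.is_container), key=lambda p: p.start)
    for i, p in enumerate(data):
        if p.end > disk_sectors + tolerance:
            findings.append(f"partition {p.number} runs past the end of the disk")
        if i and p.start < data[i - 1].end - tolerance:
            findings.append(f"partition {p.number} overlaps partition {data[i - 1].number}")
    return findings


def unpartitioned_gaps(disk_sectors, parts, min_sectors=4 * SECTORS_PER_MB):
    """Return [(start, length)] for unpartitioned stretches of at least `min_sectors`.
    Sub-4 MB gaps are alignment padding or rounding noise, so they are ignored."""
    data = sorted((p for p in parts if not p.is_container), key=lambda p: p.start)
    gaps, cursor = [], 0
    for p in data:
        if p.start - cursor >= min_sectors:
            gaps.append((cursor, p.start - cursor))
        cursor = max(cursor, p.end)
    if disk_sectors - cursor >= min_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def summarize(text=SAMPLE_LOG):
    """Parse a log and bundle the results into one dict for display or assertion."""
    size, parts, mbr_ok, boot_ok = parse_log(text)
    return {
        "disk_sectors": size,
        "partitions": len(parts),
        "mbr_default": mbr_ok,
        "boot_default": boot_ok,
        "findings": check_layout(size, parts),
        "gaps": unpartitioned_gaps(size, parts),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For the log in the thread the script reports six table entries (four data partitions and two extended containers), a single active partition, default MBR and boot code, and no findings or gaps, which agrees with the "clean" verdict. A non-default MBR code line, a second active partition, or a multi-MB hole between partitions would be the things worth a closer look with a raw sector dump.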


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 23 June 2014 - 01:33 PM


You can enable the Daemon tool.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#11 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 23 June 2014 - 01:45 PM

 Security checkup:

 

Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
ZoneAlarm Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version out of Date!
  Adobe Flash Player 11.9.900.152 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 24 June 2014 - 08:20 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While usually not malicious, you generally do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general, Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with a poor reputation. The reputation is based on user ratings and is usually very accurate.
  • A script blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 24 June 2014 - 09:59 AM

Thanks for all this! You can have my firstborn son.

 

So it was a false alarm, after all /facepalm



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 24 June 2014 - 01:07 PM

Glad we could help.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,249 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:36 PM

Posted 30 June 2014 - 08:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



