
I need help with something strange.


  • This topic is locked
28 replies to this topic

#1 hample


Posted 13 August 2014 - 05:58 PM

Videos and games start stuttering after a minute or so of inactivity of the mouse.

Also, I have noticed the temperature on my graphics card is very high sometimes; it's definitely connected with this.

Videos on YouTube and games both stutter.

I have read about a bitcoin virus, and I think that might be it...

If any of you awesome moderators and data protection gurus could walk me through one of those guides I have seen you walk others through with good results, please lead the way! :)

Thanks for your help! If anyone gets time for it, I'll be a good "client" :)





#2 CatByte

  • Malware Response Team

Posted 16 August 2014 - 11:16 AM

Please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 hample

  • Topic Starter

Posted 16 August 2014 - 02:22 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Hampus (administrator) on HAMPUS-PC on 16-08-2014 21:14:26
Running from C:\Users\Hampus\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Hampus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
(Elaborate Bytes AG) E:\HamplePrograms\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) E:\HamplePrograms\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Huawei Technologies Co., Ltd.) E:\HamplePrograms\Tele2 Mobile Connect\Tele2 Mobile Connect.exe
(Almico Software (www.almico.com)) E:\HamplePrograms\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [503955 2011-04-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => E:\HamplePrograms\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => E:\HamplePrograms\iSkysoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [iTunesHelper] => E:\HamplePrograms\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [QuickTime Task] => E:\HamplePrograms\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\Run: [Spotify Web Helper] => C:\Users\Hampus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-10] (Spotify Ltd)
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hampus\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\Run: [Keyboard Inf.] => C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe [2922464 2013-12-26] ()
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {1f4d71d6-bbe8-11e2-a796-bcaec545cf12} - F:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {1f4d71dd-bbe8-11e2-a796-bcaec545cf12} - F:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {22b3c645-e985-11e3-a8b1-bcaec545cf12} - D:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {a063a4a8-bc92-11e2-b8b0-bcaec545cf12} - D:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {b9b4d5da-d222-11e3-aa23-bcaec545cf12} - F:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {b9b4d5dc-d222-11e3-aa23-bcaec545cf12} - F:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {c9c7947d-fe3a-11d5-a191-806e6f6e6963} - D:\AutoRun.exe
HKU\S-1-5-21-3601304073-1488997956-843253518-1000\...\MountPoints2: {c9c7948f-fe3a-11d5-a191-bcaec545cf12} - D:\AutoRun.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x101BD8885318CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{C23E7ACC-9FC4-4EA1-B11E-35297C3403DF}: [NameServer]130.244.127.161 130.244.127.169
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\HamplePrograms\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hampus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Dokument) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-13]
CHR Extension: (Google Drive) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-13]
CHR Extension: (YouTube) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-13]
CHR Extension: (Sök på Google) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-13]
CHR Extension: (KB SSL Enforcer) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof [2013-05-13]
CHR Extension: (AdBlock) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-13]
CHR Extension: (View Thru) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd [2013-05-13]
CHR Extension: (Ghostery) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-05-13]
CHR Extension: (Google Wallet) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (APK Downloader) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba [2014-07-15]
CHR Extension: (Gmail) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-13]
CHR Extension: (RSS Feed Reader) - C:\Users\Hampus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fhokfmhpdoppcompklkineedkmhinhdf] - C:\Users\Hampus\AppData\Roaming\BaseFlash\Chrome\BaseFlash.crx [2013-05-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3975544 2012-05-09] (INCA Internet Co., Ltd.) [File not signed]
S2 AMD FUEL Service; E:\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2013-04-04] (Microsoft Corporation)
R3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [97792 2013-04-03] (Zoom Corporation.)
S2 AODDriver4.2; \??\E:\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 21:14 - 2014-08-16 21:14 - 00012615 _____ () C:\Users\Hampus\Desktop\FRST.txt
2014-08-16 21:14 - 2014-08-16 21:14 - 00000000 ____D () C:\FRST
2014-08-16 21:13 - 2014-08-16 21:12 - 02101760 _____ (Farbar) C:\Users\Hampus\Desktop\FRST64.exe
2014-08-14 15:37 - 2014-08-14 15:37 - 00000000 ____D () C:\91Mobile
2014-08-13 15:23 - 2014-08-13 15:23 - 00000000 ____D () C:\ProgramData\91 Harbor
2014-08-13 13:46 - 2014-08-13 13:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-13 13:44 - 2014-08-13 14:00 - 00000000 ____D () C:\Users\Hampus\Documents\moborobo
2014-08-13 13:44 - 2014-01-17 13:03 - 00012072 _____ () C:\Windows\SysWOW64\Drivers\MoborobAssDriver64.sys
2014-08-13 00:30 - 2014-08-13 00:30 - 00001059 _____ () C:\Users\Hampus\Desktop\Play The Wolf Among Us.lnk
2014-08-11 17:40 - 2014-08-11 17:40 - 00001549 _____ () C:\Users\Hampus\Desktop\Play The Walking Dead 2.lnk
2014-08-08 00:03 - 2014-08-13 00:30 - 00000000 ____D () C:\Users\Hampus\Documents\Telltale Games
2014-08-08 00:03 - 2014-08-08 00:03 - 00000000 ____D () C:\ProgramData\REVOLT
2014-07-21 02:44 - 2014-07-21 02:44 - 00000000 ____D () C:\Users\Hampus\Documents\SelfMV
2014-07-21 02:44 - 2014-06-16 08:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-07-21 02:44 - 2014-06-16 08:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-07-21 02:44 - 2014-06-16 08:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-07-21 02:44 - 2014-06-16 08:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-07-21 02:37 - 2014-08-07 14:00 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\Samsung
2014-07-21 02:37 - 2014-08-07 14:00 - 00000000 ____D () C:\Users\Hampus\AppData\Local\Samsung
2014-07-21 02:37 - 2014-07-21 02:55 - 00000000 ____D () C:\Users\Hampus\Documents\samsung
2014-07-21 02:37 - 2014-07-21 02:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-07-21 02:36 - 2014-07-21 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-21 02:31 - 2014-08-14 15:58 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-21 02:31 - 2014-08-07 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-21 02:31 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-07-21 02:31 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-07-21 02:30 - 2014-07-21 02:30 - 00000000 ____D () C:\Users\Hampus\AppData\Local\Downloaded Installations
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 21:14 - 2014-08-16 21:14 - 00012615 _____ () C:\Users\Hampus\Desktop\FRST.txt
2014-08-16 21:14 - 2014-08-16 21:14 - 00000000 ____D () C:\FRST
2014-08-16 21:12 - 2014-08-16 21:13 - 02101760 _____ (Farbar) C:\Users\Hampus\Desktop\FRST64.exe
2014-08-16 21:10 - 2013-05-13 18:46 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 21:10 - 2013-05-13 17:49 - 01458307 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 14:36 - 2009-07-14 07:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 14:30 - 2013-05-13 18:46 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 14:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 14:30 - 2009-07-14 06:51 - 00089696 _____ () C:\Windows\setupact.log
2014-08-16 01:34 - 2013-05-13 22:17 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\uTorrent
2014-08-14 15:58 - 2014-07-21 02:31 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-14 15:37 - 2014-08-14 15:37 - 00000000 ____D () C:\91Mobile
2014-08-13 21:08 - 2013-05-13 20:20 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\Spotify
2014-08-13 15:23 - 2014-08-13 15:23 - 00000000 ____D () C:\ProgramData\91 Harbor
2014-08-13 14:00 - 2014-08-13 13:44 - 00000000 ____D () C:\Users\Hampus\Documents\moborobo
2014-08-13 13:46 - 2014-08-13 13:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-13 00:30 - 2014-08-13 00:30 - 00001059 _____ () C:\Users\Hampus\Desktop\Play The Wolf Among Us.lnk
2014-08-13 00:30 - 2014-08-08 00:03 - 00000000 ____D () C:\Users\Hampus\Documents\Telltale Games
2014-08-12 21:22 - 2013-05-18 02:16 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\vlc
2014-08-12 21:13 - 2014-05-01 00:01 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\HandBrake
2014-08-11 17:40 - 2014-08-11 17:40 - 00001549 _____ () C:\Users\Hampus\Desktop\Play The Walking Dead 2.lnk
2014-08-10 14:14 - 2013-05-13 20:21 - 00000000 ____D () C:\Users\Hampus\AppData\Local\Spotify
2014-08-08 00:03 - 2014-08-08 00:03 - 00000000 ____D () C:\ProgramData\REVOLT
2014-08-07 14:00 - 2014-07-21 02:37 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\Samsung
2014-08-07 14:00 - 2014-07-21 02:37 - 00000000 ____D () C:\Users\Hampus\AppData\Local\Samsung
2014-08-07 14:00 - 2014-07-21 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-23 22:44 - 2014-01-22 12:46 - 00000000 ____D () C:\Users\Hampus\AppData\Roaming\.minecraft
2014-07-23 00:35 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 00:35 - 2009-07-14 06:45 - 00016864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 02:55 - 2014-07-21 02:37 - 00000000 ____D () C:\Users\Hampus\Documents\samsung
2014-07-21 02:44 - 2014-07-21 02:44 - 00000000 ____D () C:\Users\Hampus\Documents\SelfMV
2014-07-21 02:44 - 2013-05-14 15:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-21 02:37 - 2014-07-21 02:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-07-21 02:36 - 2014-07-21 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-21 02:30 - 2014-07-21 02:30 - 00000000 ____D () C:\Users\Hampus\AppData\Local\Downloaded Installations
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Hampus\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Hampus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Hampus\AppData\Local\Temp\ResetDevice.exe
C:\Users\Hampus\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Hampus\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Hampus\AppData\Local\Temp\sfareca00001.dll
C:\Users\Hampus\AppData\Local\Temp\uninstallkit.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 19:46
 
==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Hampus at 2014-08-16 21:15:09
Running from C:\Users\Hampus\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7 Grand Steps, Step 1: What Ancients Begat (HKLM-x32\...\Steam App 238930) (Version:  - Mousechief)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIDA64 Extreme v4.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.00 - FinalWire Ltd.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audjoo Helix 1.0 (HKLM-x32\...\Audjoo Helix_is1) (Version:  - )
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blue Cat's FreqAnalyst VST-x64 2.01 (HKLM\...\{CB8467BF-72D6-466E-B907-1C725D008DAF}) (Version: 2.01 - Blue Cat Audio)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.00.63 - Creative Technology Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Nest Europe (HKLM-x32\...\Dragon Nest Europe) (Version:  - )
Dragonica version TEST (HKLM-x32\...\{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1) (Version: TEST - Gala Networks Europe Ltd.)
Europe MapleStory (HKLM-x32\...\Europe MapleStory_is1) (Version:  - Nexon)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSI Afterburner 3.0.0 Beta 10 (HKLM-x32\...\Afterburner) (Version: 3.0.0 Beta 10 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MultiBit 0.5.15 (HKLM-x32\...\MultiBit 0.5.15) (Version: 0.5.15 - )
My Game Long Name (HKLM\...\UDK-36505aef-ad19-4177-8943-1681f94ecb34) (Version:  - Epic Games, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NaissanceE (HKLM-x32\...\Steam App 265690) (Version:  - Limasse Five)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version:  - )
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
R16_R24 Driver (HKLM\...\{19CF1A77-C522-4082-8A2B-A9952EE9E372}) (Version: 2.0.0.3 - ZOOM)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RivaTuner Statistics Server 5.1.2 (HKLM-x32\...\RTSS) (Version: 5.1.2 - Unwinder)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Spiral Knights (HKCU\...\Spiral Knights) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tele2 Mobile Connect (HKLM-x32\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - Huawei technologies)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {200E8B57-FD77-49AA-BAFC-DC30D4A27057} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {A67A0D08-D8D9-4C65-8C57-EF059D96CFAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-26 15:49 - 2013-12-26 15:49 - 02922464 _____ () C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-14 15:18 - 2008-04-18 11:34 - 00602112 _____ () E:\HamplePrograms\Tele2 Mobile Connect\HostAPI.dll
2014-08-15 22:49 - 2014-08-16 14:31 - 00158720 _____ () C:\Users\Hampus\AppData\Local\Temp\sfareca00001.dll
2014-01-31 10:25 - 2014-08-16 14:31 - 00192512 _____ () C:\Users\Hampus\AppData\Local\Temp\sfamcc00001.dll
2014-08-14 16:37 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-14 16:37 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-14 16:37 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-14 16:37 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-14 16:37 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Coprocessor
Description: Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2014 02:31:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 02:30:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (08/15/2014 10:46:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 10:44:56 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (08/14/2014 03:38:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 03:37:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (08/13/2014 09:52:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e5c
 
Start Time: 01cfb72ff0c5f9b0
 
Termination Time: 13
 
Application Path: E:\HamplePrograms\Steam\steamapps\common\Starbound\win32\starbound.exe
 
Report Id: 4b4c2351-2323-11e4-b05b-bcaec545cf12
 
Error: (08/11/2014 00:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tele2 Mobile Connect.exe, version: 107.12.1.56, time stamp: 0x4808167d
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0x9f4
Faulting application start time: 0xTele2 Mobile Connect.exe0
Faulting application path: Tele2 Mobile Connect.exe1
Faulting module path: Tele2 Mobile Connect.exe2
Report Id: Tele2 Mobile Connect.exe3
 
Error: (08/11/2014 00:18:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 00:16:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tele2 Mobile Connect.exe, version: 107.12.1.56, time stamp: 0x4808167d
Faulting module name: HostAPI.dll, version: 0.0.0.0, time stamp: 0x480816ad
Exception code: 0xc0000005
Fault offset: 0x000278ea
Faulting process id: 0x9f4
Faulting application start time: 0xTele2 Mobile Connect.exe0
Faulting application path: Tele2 Mobile Connect.exe1
Faulting module path: Tele2 Mobile Connect.exe2
Report Id: Tele2 Mobile Connect.exe3
 
 
System errors:
=============
Error: (08/16/2014 02:30:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%3
 
Error: (08/16/2014 02:30:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
%%2
 
Error: (08/15/2014 10:52:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/15/2014 10:52:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/15/2014 10:48:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/15/2014 10:46:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/15/2014 10:45:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Moborobo Device Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/15/2014 10:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%3
 
Error: (08/15/2014 10:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD FUEL Service service failed to start due to the following error: 
%%2
 
Error: (08/14/2014 03:37:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (08/16/2014 02:31:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/16/2014 02:30:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (08/15/2014 10:46:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 10:44:56 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (08/14/2014 03:38:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 03:37:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (08/13/2014 09:52:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: starbound.exe0.9.0.0e5c01cfb72ff0c5f9b013E:\HamplePrograms\Steam\steamapps\common\Starbound\win32\starbound.exe4b4c2351-2323-11e4-b05b-bcaec545cf12
 
Error: (08/11/2014 00:18:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tele2 Mobile Connect.exe107.12.1.564808167dntdll.dll6.1.7601.177254ec49b8fc00000050002e41b9f401cfb54d5867e1d0E:\HamplePrograms\Tele2 Mobile Connect\Tele2 Mobile Connect.exeC:\Windows\SysWOW64\ntdll.dlld6742160-2140-11e4-b05b-bcaec545cf12
 
Error: (08/11/2014 00:18:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/11/2014 00:16:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tele2 Mobile Connect.exe107.12.1.564808167dHostAPI.dll0.0.0.0480816adc0000005000278ea9f401cfb54d5867e1d0E:\HamplePrograms\Tele2 Mobile Connect\Tele2 Mobile Connect.exeE:\HamplePrograms\Tele2 Mobile Connect\HostAPI.dll9a4b2120-2140-11e4-b05b-bcaec545cf12
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-13 13:45:04.014
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\HamplePrograms\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-13 13:45:03.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\HamplePrograms\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 970 Processor
Percentage of memory in use: 18%
Total physical RAM: 8191.18 MB
Available physical RAM: 6702.25 MB
Total Pagefile: 16380.55 MB
Available Pagefile: 14282.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.73 GB) (Free:12.2 GB) NTFS
Drive e: () (Fixed) (Total:416.93 GB) (Free:172.01 GB) NTFS
Drive f: (Tele2 3G-modem) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2F6771EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 


Edited by hample, 16 August 2014 - 02:30 PM.


#4 hample

hample
  • Topic Starter

  • Members

Posted 16 August 2014 - 02:50 PM

aswMBR stops working before the scan is finished.



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 16 August 2014 - 04:26 PM

What happens to aswMBR? Do you get an error message?

I find this to be an odd path:

() C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe

Let's upload that for analysis.

(You will need to show hidden files and folders.)

Submit a file to VirusTotal for analysis:
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel, click on the file C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
  • Then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", then wait for the results.
  • If you get a message saying "File has already been analyzed", click "Reanalyze file now".
  • Once scanned, copy and paste the link to the results page in your next reply.

Let's see if the following will run:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Edited by CatByte, 17 August 2014 - 10:35 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
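
The check made by eye in the post above (a core Windows process name, svchost.exe, loading from a user profile folder) can be run over a whole "Loaded Modules" section. This is an added example, not part of the original thread and not FRST's own code; the line format is inferred from the log posted in this topic, and the list of system binary names, the trusted directories (Windows assumed to be in C:\Windows) and the reading of an empty "()" field as a missing company name are assumptions.

```python
import re
from pathlib import PureWindowsPath

# One FRST "Loaded Modules" line: created - modified - size attrs (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: a short list of core Windows binaries that malware commonly imitates.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                "winlogon.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# Assumption: Windows is installed in C:\Windows (lowercased for comparison).
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Path components that mark locations a standard user can write to.
USER_WRITABLE = {"appdata", "temp"}

REASON_NAME = "system binary name outside the Windows directories"
REASON_PATH = "no company name and loaded from a user-writable path"


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Flag modules worth a closer look. A flag is a lead, not a verdict."""
    findings = []
    for line in lines:
        mod = parse_line(line)
        if mod is None:
            continue  # section headers, blank lines, other log sections
        path = PureWindowsPath(mod["path"])
        reasons = []
        # Heuristic 1: trusted name, untrusted directory (masquerading).
        if (path.name.lower() in SYSTEM_NAMES
                and str(path.parent).lower() not in TRUSTED_DIRS):
            reasons.append(REASON_NAME)
        # Heuristic 2: no company string and a user-writable location.
        parts = {p.lower() for p in path.parts}
        if not mod["company"].strip() and parts & USER_WRITABLE:
            reasons.append(REASON_PATH)
        if reasons:
            findings.append({"path": mod["path"], "reasons": reasons})
    return findings


# The first three lines are copied from the log posted in this topic;
# the last one is constructed as a negative control (legitimate svchost.exe).
SAMPLE = r"""
2013-12-26 15:49 - 2013-12-26 15:49 - 02922464 _____ () C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-15 22:49 - 2014-08-16 14:31 - 00158720 _____ () C:\Users\Hampus\AppData\Local\Temp\sfareca00001.dll
2010-11-21 04:24 - 2010-11-21 04:24 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\svchost.exe
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()

if __name__ == "__main__":
    for item in triage(SAMPLE_LINES):
        print(item["path"])
        for reason in item["reasons"]:
            print("   -", reason)
```

Anything flagged still needs the follow-up the thread uses: upload the file for a multi-engine scan before deciding to remove it.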


#6 hample

hample
  • Topic Starter

  • Members

Posted 16 August 2014 - 05:42 PM

"C:\Users\Hampus\AppData\Local\Apps\2.0\9RAY2CHL.H1Q\9Y175RQD.T2Y\inst.-" and then I can't see anymore because it continues out of the screen.
That is where it stops for a longer time, then this one is scanned:

"C:\Users\Hampus\AppData\Local\Microsoft\Windows\Temporary Internet File-" then it goes out of the screen.

 

When I run aswmbr in the beginning it says:

"This computer supports "Virtualization Technology". Would you like to use it for rootkit detection?" (no difference if I choose no, from what I can see)
I selected yes every time.

I have "Trace disk IO calls" checked (default)

AV scan: "QuickScan".

 

My general problem is that when I watch a video on YouTube (for example; it has to have video or graphics, like a game too), then if I leave the mouse idle for some time, some minutes, it starts to lag and stutter, like the graphics card is working hard. And I have noticed the temp on the graphics card being high when I haven't done anything specific, so I think it starts working when I leave the mouse idle for a set amount of time.

 

(A tip for you; VirusTotal has changed their website I think, because it isn't exactly as you describe it, could be good to know for future guiding!)

 

Whoops, looks like it found some stuff there (saw the name CoinMiner in there!!):

https://www.virustotal.com/en/file/8993491e7c541f712485791d7d91edc82990849ca5a1daaf428035d928243247/analysis/1408228269/

 

This is the log for TDSSKiller:

 

00:37:41.0612 0x1364  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

00:37:49.0360 0x1364  ============================================================
00:37:49.0360 0x1364  Current date / time: 2014/08/17 00:37:49.0360
00:37:49.0360 0x1364  SystemInfo:
00:37:49.0360 0x1364  
00:37:49.0360 0x1364  OS Version: 6.1.7601 ServicePack: 1.0
00:37:49.0360 0x1364  Product type: Workstation
00:37:49.0361 0x1364  ComputerName: HAMPUS-PC
00:37:49.0361 0x1364  UserName: Hampus
00:37:49.0361 0x1364  Windows directory: C:\Windows
00:37:49.0361 0x1364  System windows directory: C:\Windows
00:37:49.0361 0x1364  Running under WOW64
00:37:49.0361 0x1364  Processor architecture: Intel x64
00:37:49.0361 0x1364  Number of processors: 4
00:37:49.0361 0x1364  Page size: 0x1000
00:37:49.0361 0x1364  Boot type: Normal boot
00:37:49.0361 0x1364  ============================================================
00:37:50.0945 0x1364  KLMD registered as C:\Windows\system32\drivers\61786285.sys
00:37:51.0157 0x1364  System UUID: {1BFF283C-1E00-7996-35D0-26FA67D3AF7F}
00:37:51.0459 0x1364  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:37:51.0461 0x1364  ============================================================
00:37:51.0461 0x1364  \Device\Harddisk0\DR0:
00:37:51.0461 0x1364  MBR partitions:
00:37:51.0461 0x1364  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:37:51.0461 0x1364  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6176000
00:37:51.0461 0x1364  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x341DD000
00:37:51.0461 0x1364  ============================================================
00:37:51.0492 0x1364  C: <-> \Device\Harddisk0\DR0\Partition2
00:37:51.0547 0x1364  E: <-> \Device\Harddisk0\DR0\Partition3
00:37:51.0547 0x1364  ============================================================
00:37:51.0548 0x1364  Initialize success
00:37:51.0548 0x1364  ============================================================
00:38:36.0571 0x10f4  ============================================================
00:38:36.0571 0x10f4  Scan started
00:38:36.0571 0x10f4  Mode: Manual; TDLFS; 
00:38:36.0571 0x10f4  ============================================================
00:38:36.0571 0x10f4  KSN ping started
00:38:38.0406 0x10f4  KSN ping finished: true
00:38:39.0109 0x10f4  ================ Scan system memory ========================
00:38:39.0109 0x10f4  System memory - ok
00:38:39.0110 0x10f4  ================ Scan services =============================
00:38:41.0494 0x10f4  BrFiltLo - ok
00:38:41.0503 0x10f4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:38:41.0503 0x10f4  BrFiltUp - ok
00:38:41.0517 0x10f4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
00:38:41.0520 0x10f4  Browser - ok
00:38:41.0543 0x10f4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:38:41.0548 0x10f4  Brserid - ok
00:38:41.0563 0x10f4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:38:41.0564 0x10f4  BrSerWdm - ok
00:38:41.0600 0x10f4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:38:41.0600 0x10f4  BrUsbMdm - ok
00:38:41.0604 0x10f4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:38:41.0604 0x10f4  BrUsbSer - ok
00:38:41.0608 0x10f4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:38:41.0609 0x10f4  BTHMODEM - ok
00:38:41.0635 0x10f4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
00:38:41.0637 0x10f4  bthserv - ok
00:38:41.0649 0x10f4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:38:41.0650 0x10f4  cdfs - ok
00:38:41.0670 0x10f4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:38:41.0672 0x10f4  cdrom - ok
00:38:41.0690 0x10f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:38:41.0691 0x10f4  CertPropSvc - ok
00:38:41.0719 0x10f4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:38:41.0720 0x10f4  circlass - ok
00:38:41.0759 0x10f4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
00:38:41.0771 0x10f4  CLFS - ok
00:38:41.0816 0x10f4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:38:41.0819 0x10f4  clr_optimization_v2.0.50727_32 - ok
00:38:41.0863 0x10f4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:38:41.0872 0x10f4  clr_optimization_v2.0.50727_64 - ok
00:38:41.0933 0x10f4  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:38:41.0982 0x10f4  clr_optimization_v4.0.30319_32 - ok
00:38:42.0009 0x10f4  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:38:42.0019 0x10f4  clr_optimization_v4.0.30319_64 - ok
00:38:42.0031 0x10f4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:38:42.0033 0x10f4  CmBatt - ok
00:38:42.0038 0x10f4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:38:42.0038 0x10f4  cmdide - ok
00:38:42.0064 0x10f4  [ 1EBE690301AB165E9602381F69A6C7F7, DD3F41FBEB73C86C99F6FD4497122304AC576EEED35309EB2F2CCF9CEE0D686C ] CNG             C:\Windows\system32\Drivers\cng.sys
00:38:42.0077 0x10f4  CNG - ok
00:38:42.0089 0x10f4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:38:42.0090 0x10f4  Compbatt - ok
00:38:42.0107 0x10f4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:38:42.0108 0x10f4  CompositeBus - ok
00:38:42.0112 0x10f4  COMSysApp - ok
00:38:42.0117 0x10f4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:38:42.0118 0x10f4  crcdisk - ok
00:38:42.0137 0x10f4  [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:38:42.0142 0x10f4  CryptSvc - ok
00:38:42.0178 0x10f4  [ 5B0D28D7072499817A56527670F5C4B3, 47BC116DA2FD228AFBBCC942458BDE02ACFBFD0F88CBB610160177448B162BD0 ] CSC             C:\Windows\system32\drivers\csc.sys
00:38:42.0191 0x10f4  CSC - ok
00:38:42.0227 0x10f4  [ 13E7EB404B935ED29D5D63242BC15675, F785B0C56996BFCCA71F0C62FDC7B2E4589A3A26DA3087D335961636AC426222 ] CscService      C:\Windows\System32\cscsvc.dll
00:38:42.0245 0x10f4  CscService - ok
00:38:42.0270 0x10f4  [ 754F0C7DFA63EED14CC465E654A469D3, 230009708BC9961A8750B27F3FCA4A1AD3BF2DBBD4FB7E73C4AB5C748472FA4C ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:38:42.0273 0x10f4  CtClsFlt - ok
00:38:42.0302 0x10f4  [ F3EF088F45BE326B4EDAC8C1C5A35105, 6A8F992981AB68F811E3EF51545A0B0572A88C746472D24042646329B581F519 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:38:42.0313 0x10f4  DcomLaunch - ok
00:38:42.0332 0x10f4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:38:42.0338 0x10f4  defragsvc - ok
00:38:42.0363 0x10f4  [ A61E76AA38582730CEFA51B78B3184B2, 1E7B401E9765C18CA17F26D796CC77601FC06220C4B88FE5727215B0446BE8BB ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:38:42.0364 0x10f4  DfsC - ok
00:38:42.0390 0x10f4  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
00:38:42.0392 0x10f4  dg_ssudbus - ok
00:38:42.0461 0x10f4  [ 3249F4E4DBF1BD24B40DFF385F2511D4, BFDF544580127CE07FCF01DE6A011C478F7D5948569B649BB5B0AAD85B2188F2 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:38:42.0484 0x10f4  Dhcp - ok
00:38:42.0500 0x10f4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
00:38:42.0501 0x10f4  discache - ok
00:38:42.0525 0x10f4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
00:38:42.0527 0x10f4  Disk - ok
00:38:42.0550 0x10f4  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
00:38:42.0552 0x10f4  dmvsc - ok
00:38:42.0577 0x10f4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:38:42.0582 0x10f4  Dnscache - ok
00:38:42.0604 0x10f4  [ 8DA62036CC6192959D675142A3084916, BA97989D8E047872C54BC517697366741AFBB483906185EDED67C7C5854FCB4F ] dot3svc         C:\Windows\System32\dot3svc.dll
00:38:42.0611 0x10f4  dot3svc - ok
00:38:42.0629 0x10f4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
00:38:42.0633 0x10f4  DPS - ok
00:38:42.0662 0x10f4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:38:42.0663 0x10f4  drmkaud - ok
00:38:42.0709 0x10f4  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:38:42.0729 0x10f4  DXGKrnl - ok
00:38:42.0757 0x10f4  EagleX64 - ok
00:38:42.0779 0x10f4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
00:38:42.0781 0x10f4  EapHost - ok
00:38:42.0894 0x10f4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:38:42.0956 0x10f4  ebdrv - ok
00:38:42.0984 0x10f4  [ 9E3E3E092B01D89A742FF65549929BF4, 9D5DE7408EA00EE58E7847591FBDCC904F86157011346956C552CAE350B82895 ] EFS             C:\Windows\System32\lsass.exe
00:38:42.0986 0x10f4  EFS - ok
00:38:43.0058 0x10f4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:38:43.0077 0x10f4  ehRecvr - ok
00:38:43.0087 0x10f4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
00:38:43.0090 0x10f4  ehSched - ok
00:38:43.0127 0x10f4  [ BE2902E13CA69383F449B6BF927844FB, F092785E305D8E1FE795AF98A7A7B7B4548A0D6687060568C9E078FFA8D65C1C ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
00:38:43.0130 0x10f4  ElbyCDIO - ok
00:38:43.0178 0x10f4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:38:43.0192 0x10f4  elxstor - ok
00:38:43.0203 0x10f4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:38:43.0203 0x10f4  ErrDev - ok
00:38:43.0230 0x10f4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
00:38:43.0238 0x10f4  EventSystem - ok
00:38:43.0245 0x10f4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:38:43.0248 0x10f4  exfat - ok
00:38:43.0262 0x10f4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:38:43.0265 0x10f4  fastfat - ok
00:38:43.0307 0x10f4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
00:38:43.0321 0x10f4  Fax - ok
00:38:43.0337 0x10f4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
00:38:43.0337 0x10f4  fdc - ok
00:38:43.0374 0x10f4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
00:38:43.0377 0x10f4  fdPHost - ok
00:38:43.0396 0x10f4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:38:43.0401 0x10f4  FDResPub - ok
00:38:43.0427 0x10f4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:38:43.0432 0x10f4  FileInfo - ok
00:38:43.0453 0x10f4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:38:43.0454 0x10f4  Filetrace - ok
00:38:43.0459 0x10f4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:38:43.0460 0x10f4  flpydisk - ok
00:38:43.0488 0x10f4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:38:43.0496 0x10f4  FltMgr - ok
00:38:43.0549 0x10f4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
00:38:43.0575 0x10f4  FontCache - ok
00:38:43.0618 0x10f4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:38:43.0620 0x10f4  FontCache3.0.0.0 - ok
00:38:43.0635 0x10f4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:38:43.0639 0x10f4  FsDepends - ok
00:38:43.0666 0x10f4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:38:43.0668 0x10f4  Fs_Rec - ok
00:38:43.0707 0x10f4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:38:43.0717 0x10f4  fvevol - ok
00:38:43.0738 0x10f4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:38:43.0739 0x10f4  gagp30kx - ok
00:38:43.0768 0x10f4  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:38:43.0769 0x10f4  GEARAspiWDM - ok
00:38:43.0837 0x10f4  [ 030B778F4272DF185E4E2E8EC49D162E, 702E884DC9C56D67A250F2DE4C293A878054F0F0A3BB64944A204445D9D5357F ] gpsvc           C:\Windows\System32\gpsvc.dll
00:38:43.0859 0x10f4  gpsvc - ok
00:38:43.0941 0x10f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:38:43.0949 0x10f4  gupdate - ok
00:38:43.0963 0x10f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:38:43.0971 0x10f4  gupdatem - ok
00:38:43.0992 0x10f4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:38:43.0993 0x10f4  hcw85cir - ok
00:38:44.0065 0x10f4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:38:44.0079 0x10f4  HdAudAddService - ok
00:38:44.0105 0x10f4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:38:44.0109 0x10f4  HDAudBus - ok
00:38:44.0113 0x10f4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:38:44.0114 0x10f4  HidBatt - ok
00:38:44.0129 0x10f4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:38:44.0131 0x10f4  HidBth - ok
00:38:44.0147 0x10f4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:38:44.0149 0x10f4  HidIr - ok
00:38:44.0173 0x10f4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
00:38:44.0175 0x10f4  hidserv - ok
00:38:44.0195 0x10f4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:38:44.0196 0x10f4  HidUsb - ok
00:38:44.0215 0x10f4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:38:44.0218 0x10f4  hkmsvc - ok
00:38:44.0254 0x10f4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:38:44.0261 0x10f4  HomeGroupListener - ok
00:38:44.0286 0x10f4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:38:44.0292 0x10f4  HomeGroupProvider - ok
00:38:44.0305 0x10f4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:38:44.0307 0x10f4  HpSAMD - ok
00:38:44.0341 0x10f4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:38:44.0361 0x10f4  HTTP - ok
00:38:44.0386 0x10f4  [ 21F59A1E203F637563C7FFF5DE2B2B85, 0E3011D99353AE2D11A7E97C9AB3D935CC3F790AB7A5FAD446C5CA855127B5C2 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
00:38:44.0387 0x10f4  hwdatacard - ok
00:38:44.0401 0x10f4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:38:44.0402 0x10f4  hwpolicy - ok
00:38:44.0425 0x10f4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:38:44.0427 0x10f4  i8042prt - ok
00:38:44.0490 0x10f4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:38:44.0503 0x10f4  iaStorV - ok
00:38:44.0554 0x10f4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:38:44.0571 0x10f4  idsvc - ok
00:38:44.0579 0x10f4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:38:44.0580 0x10f4  iirsp - ok
00:38:44.0615 0x10f4  [ 0985993033AA3954FAD26A15124AA5D4, 265F42E41DDD9ECFD44A8FCBC3F60F0AE82001860615A84DD79E9A3BCC8C5AFD ] IKEEXT          C:\Windows\System32\ikeext.dll
00:38:44.0631 0x10f4  IKEEXT - ok
00:38:44.0644 0x10f4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:38:44.0644 0x10f4  intelide - ok
00:38:44.0653 0x10f4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
00:38:44.0654 0x10f4  intelppm - ok
00:38:44.0689 0x10f4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:38:44.0691 0x10f4  IPBusEnum - ok
00:38:44.0695 0x10f4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:38:44.0697 0x10f4  IpFilterDriver - ok
00:38:44.0717 0x10f4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:38:44.0728 0x10f4  iphlpsvc - ok
00:38:44.0741 0x10f4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:38:44.0742 0x10f4  IPMIDRV - ok
00:38:44.0747 0x10f4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:38:44.0749 0x10f4  IPNAT - ok
00:38:44.0860 0x10f4  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:38:44.0877 0x10f4  iPod Service - ok
00:38:44.0900 0x10f4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:38:44.0900 0x10f4  IRENUM - ok
00:38:44.0903 0x10f4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:38:44.0904 0x10f4  isapnp - ok
00:38:44.0924 0x10f4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:38:44.0930 0x10f4  iScsiPrt - ok
00:38:44.0944 0x10f4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:38:44.0945 0x10f4  kbdclass - ok
00:38:44.0953 0x10f4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:38:44.0953 0x10f4  kbdhid - ok
00:38:44.0963 0x10f4  [ 9E3E3E092B01D89A742FF65549929BF4, 9D5DE7408EA00EE58E7847591FBDCC904F86157011346956C552CAE350B82895 ] KeyIso          C:\Windows\system32\lsass.exe
00:38:44.0964 0x10f4  KeyIso - ok
00:38:44.0974 0x10f4  [ F71589852FC3F86F866F1A66065BB237, B243D1492119AE1163FC4A29A46AB3F9336F805B403C73ED04F771902D41B734 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:38:44.0976 0x10f4  KSecDD - ok
00:38:44.0987 0x10f4  [ 59480712518BB50798B000980F6E626D, BECF61ECA6A8BDC4CD9FF206F64A53FEF3AA4CF0852B049074AEFE486C2B9FB6 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:38:44.0990 0x10f4  KSecPkg - ok
00:38:44.0998 0x10f4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:38:44.0998 0x10f4  ksthunk - ok
00:38:45.0026 0x10f4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:38:45.0033 0x10f4  KtmRm - ok
00:38:45.0060 0x10f4  [ 5CE3ADEF1C7203DCC0467E084ACE5643, E8A26479F296451310D42215E3E280C80A18BD6E537A854D1702873AC4162382 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:38:45.0065 0x10f4  LanmanServer - ok
00:38:45.0099 0x10f4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:38:45.0102 0x10f4  LanmanWorkstation - ok
00:38:45.0143 0x10f4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:38:45.0147 0x10f4  lltdio - ok
00:38:45.0195 0x10f4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:38:45.0215 0x10f4  lltdsvc - ok
00:38:45.0227 0x10f4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:38:45.0228 0x10f4  lmhosts - ok
00:38:45.0242 0x10f4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:38:45.0245 0x10f4  LSI_FC - ok
00:38:45.0259 0x10f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:38:45.0262 0x10f4  LSI_SAS - ok
00:38:45.0267 0x10f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:38:45.0269 0x10f4  LSI_SAS2 - ok
00:38:45.0276 0x10f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:38:45.0279 0x10f4  LSI_SCSI - ok
00:38:45.0290 0x10f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:38:45.0293 0x10f4  luafv - ok
00:38:45.0308 0x10f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:38:45.0311 0x10f4  Mcx2Svc - ok
00:38:45.0328 0x10f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:38:45.0329 0x10f4  megasas - ok
00:38:45.0347 0x10f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:38:45.0354 0x10f4  MegaSR - ok
00:38:45.0370 0x10f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
00:38:45.0373 0x10f4  MMCSS - ok
00:38:45.0379 0x10f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
00:38:45.0381 0x10f4  Modem - ok
00:38:45.0391 0x10f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:38:45.0392 0x10f4  monitor - ok
00:38:45.0409 0x10f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:38:45.0411 0x10f4  mouclass - ok
00:38:45.0453 0x10f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:38:45.0454 0x10f4  mouhid - ok
00:38:45.0480 0x10f4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:38:45.0487 0x10f4  mountmgr - ok
00:38:45.0512 0x10f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:38:45.0523 0x10f4  mpio - ok
00:38:45.0540 0x10f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:38:45.0545 0x10f4  mpsdrv - ok
00:38:51.0019 0x10f4  udfs - ok
00:38:51.0048 0x10f4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:38:51.0051 0x10f4  UI0Detect - ok
00:38:51.0060 0x10f4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:38:51.0062 0x10f4  uliagpkx - ok
00:38:51.0081 0x10f4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:38:51.0083 0x10f4  umbus - ok
00:38:51.0090 0x10f4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:38:51.0091 0x10f4  UmPass - ok
00:38:51.0118 0x10f4  [ BEBC13D55C302339B9350D9FF9EEFCB5, E8513D2D23D7F134BB4E3BFC85F87B802F4F2E411CCF33306023E5F8D54C5CFF ] UmRdpService    C:\Windows\System32\umrdp.dll
00:38:51.0125 0x10f4  UmRdpService - ok
00:38:51.0148 0x10f4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
00:38:51.0160 0x10f4  upnphost - ok
00:38:51.0183 0x10f4  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:38:51.0184 0x10f4  USBAAPL64 - ok
00:38:51.0212 0x10f4  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:38:51.0215 0x10f4  usbaudio - ok
00:38:51.0267 0x10f4  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:38:51.0274 0x10f4  usbccgp - ok
00:38:51.0299 0x10f4  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:38:51.0306 0x10f4  usbcir - ok
00:38:51.0326 0x10f4  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:38:51.0330 0x10f4  usbehci - ok
00:38:51.0355 0x10f4  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:38:51.0364 0x10f4  usbhub - ok
00:38:51.0379 0x10f4  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
00:38:51.0380 0x10f4  usbohci - ok
00:38:51.0393 0x10f4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
00:38:51.0394 0x10f4  usbprint - ok
00:38:51.0413 0x10f4  [ ED08C252A0041F8FC0237BAB585BABDC, DF5948BCD5CEB5B69E1A0096465C069E233DB81F5524D7364FF3FCD1E5B28880 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:38:51.0415 0x10f4  USBSTOR - ok
00:38:51.0428 0x10f4  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:38:51.0429 0x10f4  usbuhci - ok
00:38:51.0466 0x10f4  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:38:51.0479 0x10f4  usbvideo - ok
00:38:51.0504 0x10f4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
00:38:51.0507 0x10f4  UxSms - ok
00:38:51.0513 0x10f4  [ 9E3E3E092B01D89A742FF65549929BF4, 9D5DE7408EA00EE58E7847591FBDCC904F86157011346956C552CAE350B82895 ] VaultSvc        C:\Windows\system32\lsass.exe
00:38:51.0514 0x10f4  VaultSvc - ok
00:38:51.0543 0x10f4  [ 3EEBF3C348C3DEB4CF6F10F2E6E222CD, 5D85364945ABF28965C7AD75A0EAD54EDBC8C72D64BB3E82D7FDAAD63BDB564E ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
00:38:51.0544 0x10f4  VClone - ok
00:38:51.0565 0x10f4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:38:51.0566 0x10f4  vdrvroot - ok
00:38:51.0603 0x10f4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
00:38:51.0619 0x10f4  vds - ok
00:38:51.0635 0x10f4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:38:51.0636 0x10f4  vga - ok
00:38:51.0645 0x10f4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:38:51.0646 0x10f4  VgaSave - ok
00:38:51.0650 0x10f4  VGPU - ok
00:38:51.0669 0x10f4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:38:51.0674 0x10f4  vhdmp - ok
00:38:51.0684 0x10f4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:38:51.0685 0x10f4  viaide - ok
00:38:51.0705 0x10f4  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:38:51.0710 0x10f4  vmbus - ok
00:38:51.0716 0x10f4  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:38:51.0717 0x10f4  VMBusHID - ok
00:38:51.0732 0x10f4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:38:51.0734 0x10f4  volmgr - ok
00:38:51.0758 0x10f4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:38:51.0768 0x10f4  volmgrx - ok
00:38:51.0783 0x10f4  [ DF83AA1C4278E2C0E36C0479C1555A9C, EA082BE4E38E22FD0C7D0A98DC227E2E33C0D87964D87276A2F56044656CD6F0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:38:51.0789 0x10f4  volsnap - ok
00:38:51.0803 0x10f4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:38:51.0805 0x10f4  vsmraid - ok
00:38:51.0852 0x10f4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
00:38:51.0883 0x10f4  VSS - ok
00:38:51.0889 0x10f4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:38:51.0890 0x10f4  vwifibus - ok
00:38:51.0910 0x10f4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
00:38:51.0918 0x10f4  W32Time - ok
00:38:51.0923 0x10f4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:38:51.0924 0x10f4  WacomPen - ok
00:38:51.0939 0x10f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:38:51.0941 0x10f4  WANARP - ok
00:38:51.0955 0x10f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:38:51.0956 0x10f4  Wanarpv6 - ok
00:38:52.0039 0x10f4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:38:52.0067 0x10f4  WatAdminSvc - ok
00:38:52.0114 0x10f4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
00:38:52.0143 0x10f4  wbengine - ok
00:38:52.0162 0x10f4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:38:52.0166 0x10f4  WbioSrvc - ok
00:38:52.0184 0x10f4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:38:52.0192 0x10f4  wcncsvc - ok
00:38:52.0201 0x10f4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:38:52.0203 0x10f4  WcsPlugInService - ok
00:38:52.0206 0x10f4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
00:38:52.0206 0x10f4  Wd - ok
00:38:52.0239 0x10f4  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:38:52.0254 0x10f4  Wdf01000 - ok
00:38:52.0265 0x10f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:38:52.0268 0x10f4  WdiServiceHost - ok
00:38:52.0272 0x10f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:38:52.0274 0x10f4  WdiSystemHost - ok
00:38:52.0295 0x10f4  [ 36DF0450720AE33AA8EC5E1C3B21ABEA, B24DD89824544EDB295EBBA51C064B8226771145B8B353A76462DF446D8D12B5 ] WebClient       C:\Windows\System32\webclnt.dll
00:38:52.0301 0x10f4  WebClient - ok
00:38:52.0346 0x10f4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:38:52.0351 0x10f4  Wecsvc - ok
00:38:52.0364 0x10f4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:38:52.0367 0x10f4  wercplsupport - ok
00:38:52.0386 0x10f4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:38:52.0389 0x10f4  WerSvc - ok
00:38:52.0413 0x10f4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:38:52.0415 0x10f4  WfpLwf - ok
00:38:52.0431 0x10f4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:38:52.0434 0x10f4  WIMMount - ok
00:38:52.0461 0x10f4  WinDefend - ok
00:38:52.0467 0x10f4  WinHttpAutoProxySvc - ok
00:38:52.0529 0x10f4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:38:52.0548 0x10f4  Winmgmt - ok
00:38:52.0630 0x10f4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:38:52.0669 0x10f4  WinRM - ok
00:38:52.0718 0x10f4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:38:52.0721 0x10f4  WinUsb - ok
00:38:52.0783 0x10f4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:38:52.0807 0x10f4  Wlansvc - ok
00:38:52.0986 0x10f4  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:38:53.0030 0x10f4  wlidsvc - ok
00:38:53.0049 0x10f4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:38:53.0049 0x10f4  WmiAcpi - ok
00:38:53.0069 0x10f4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:38:53.0073 0x10f4  wmiApSrv - ok
00:38:53.0091 0x10f4  WMPNetworkSvc - ok
00:38:53.0113 0x10f4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:38:53.0114 0x10f4  WPCSvc - ok
00:38:53.0132 0x10f4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:38:53.0135 0x10f4  WPDBusEnum - ok
00:38:53.0151 0x10f4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:38:53.0152 0x10f4  ws2ifsl - ok
00:38:53.0185 0x10f4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
00:38:53.0195 0x10f4  wscsvc - ok
00:38:53.0198 0x10f4  WSearch - ok
00:38:53.0294 0x10f4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:38:53.0341 0x10f4  wuauserv - ok
00:38:53.0365 0x10f4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:38:53.0367 0x10f4  WudfPf - ok
00:38:53.0418 0x10f4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:38:53.0432 0x10f4  WUDFRd - ok
00:38:53.0445 0x10f4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:38:53.0449 0x10f4  wudfsvc - ok
00:38:53.0473 0x10f4  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:38:53.0479 0x10f4  WwanSvc - ok
00:38:53.0510 0x10f4  [ E001881D45CB2CB78B86CD8053B62000, E286619ADDB06955DB5FBF67D1131D24CB02563DC6B01C803E6A90B6998146DB ] ZOOM_R16MTR     C:\Windows\system32\Drivers\zmr16usbaudio.sys
00:38:53.0512 0x10f4  ZOOM_R16MTR - ok
00:38:53.0520 0x10f4  ================ Scan global ===============================
00:38:53.0542 0x10f4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
00:38:53.0574 0x10f4  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
00:38:53.0584 0x10f4  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
00:38:53.0606 0x10f4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
00:38:53.0632 0x10f4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
00:38:53.0638 0x10f4  [ Global ] - ok
00:38:53.0639 0x10f4  ================ Scan MBR ==================================
00:38:53.0646 0x10f4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:38:53.0863 0x10f4  \Device\Harddisk0\DR0 - ok
00:38:53.0863 0x10f4  ================ Scan VBR ==================================
00:38:53.0865 0x10f4  [ D10C08598867A1DA494AAC3B34F017EA ] \Device\Harddisk0\DR0\Partition1
00:38:53.0866 0x10f4  \Device\Harddisk0\DR0\Partition1 - ok
00:38:53.0869 0x10f4  [ 95CAFE070F5DB079C85CDB5B7019868F ] \Device\Harddisk0\DR0\Partition2
00:38:53.0871 0x10f4  \Device\Harddisk0\DR0\Partition2 - ok
00:38:53.0873 0x10f4  [ AC85CA2611DC80C462DB105DB8E395A1 ] \Device\Harddisk0\DR0\Partition3
00:38:53.0874 0x10f4  \Device\Harddisk0\DR0\Partition3 - ok
00:38:53.0875 0x10f4  ================ Scan generic autorun ======================
00:38:54.0975 0x10f4  [ 1AC1A15DCCFAFD35A2E5D9C2C9BAADD9, 8993491E7C541F712485791D7D91EDC82990849CA5A1DAAF428035D928243247 ] C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
00:38:55.0016 0x10f4  Keyboard Inf. - ok
00:38:55.0020 0x10f4  Waiting for KSN requests completion. In queue: 342
00:38:56.0020 0x10f4  Waiting for KSN requests completion. In queue: 342
00:38:57.0020 0x10f4  Waiting for KSN requests completion. In queue: 342
00:38:58.0020 0x10f4  Waiting for KSN requests completion. In queue: 342
00:38:59.0020 0x10f4  Have new async UDS detects: 1
00:38:59.0028 0x10f4  Keyboard Inf. - detected UDS:DangerousObject.Multi.Generic ( 0 )
00:38:59.0103 0x10f4  Keyboard Inf. ( UDS:DangerousObject.Multi.Generic ) - infected
00:38:59.0103 0x10f4  Force sending object to P2P due to detect: C:\Users\Hampus\AppData\Roaming\Skype\svchost.exe
00:39:00.0011 0x10f4  Object send P2P result: true
00:39:01.0556 0x10f4  Win FW state via NFP2: enabled
00:39:03.0219 0x10f4  ============================================================
00:39:03.0219 0x10f4  Scan finished
00:39:03.0219 0x10f4  ============================================================
00:39:03.0236 0x1240  Detected object count: 1
00:39:03.0236 0x1240  Actual detected object count: 1
00:39:39.0461 0x1240  Keyboard Inf. ( UDS:DangerousObject.Multi.Generic ) - skipped by user
00:39:39.0461 0x1240  Keyboard Inf. ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
00:40:23.0896 0x1070  Deinitialize success
 


#7 CatByte


Posted 16 August 2014 - 05:50 PM

Well, that would seem to be the culprit.

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 hample


Posted 16 August 2014 - 07:02 PM

 

ComboFix 14-08-15.01 - Hampus 2014-08-17   1:50.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.46.1033.18.8191.6170 [GMT 2:00]
Körs från: c:\users\Hampus\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hampus\AppData\Local\Temp\sfamcc00001.dll
c:\users\Hampus\AppData\Local\Temp\sfareca00001.dll
.
.
((((((((((((((((((((((((   Filer skapade från 2014-07-16 till 2014-08-16  ))))))))))))))))))))))))))))))
.
.
2014-08-16 19:14 . 2014-08-16 19:15 -------- d-----w- C:\FRST
2014-08-14 13:37 . 2014-08-14 13:37 -------- d-----w- C:\91Mobile
2014-08-13 13:23 . 2014-08-13 13:23 -------- d-----w- c:\programdata\91 Harbor
2014-08-13 11:44 . 2014-01-17 11:03 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-08-07 22:03 . 2014-08-07 22:03 -------- d-----w- c:\programdata\REVOLT
2014-07-21 00:44 . 2014-06-16 06:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-07-21 00:44 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-07-21 00:44 . 2014-06-16 06:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-07-21 00:44 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-07-21 00:37 . 2014-08-07 12:00 -------- d-----w- c:\users\Hampus\AppData\Local\Samsung
2014-07-21 00:37 . 2014-08-07 12:00 -------- d-----w- c:\users\Hampus\AppData\Roaming\Samsung
2014-07-21 00:31 . 2014-04-30 17:43 144664 ----a-w- c:\windows\SysWow64\secman.dll
2014-07-21 00:31 . 2014-04-30 17:43 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2014-07-21 00:31 . 2014-08-14 13:58 -------- d-----w- c:\programdata\Samsung
2014-07-21 00:30 . 2014-07-21 00:30 -------- d-----w- c:\users\Hampus\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-15 22:06 . 2014-07-15 22:06 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-05-14 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-05-14 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Hampus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-10 1178168]
"Keyboard Inf."="c:\users\Hampus\AppData\Roaming\Skype\svchost.exe" [2013-12-26 2922464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Live! Central 3"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2011-04-08 503955]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"VirtualCloneDrive"="e:\hampleprograms\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"iTunesHelper"="e:\hampleprograms\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"QuickTime Task"="e:\hampleprograms\QuickTime\QTTask.exe" [2012-04-18 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;e:\ati technologies\ATI.ACE\Fuel\Fuel.Service.exe;e:\ati technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2;AODDriver4.2;e:\ati technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;e:\ati technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbmdm.sys [x]
S3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys;c:\windows\SYSNATIVE\Drivers\zmr16usbaudio.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 14:35 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 16:46]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 16:46]
.
.
--------- X64 Entries -----------
.
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Hampus\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
Wow6432Node-HKLM-Run-BrowserPlugInHelper - e:\hampleprograms\iSkysoft\Video Converter Ultimate\BrowserPlugInHelper.exe
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
AddRemove-IL Download Manager - e:\image-line\Downloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Sluttid: 2014-08-17  01:56:19 - datorn startades om.
ComboFix-quarantined-files.txt  2014-08-16 23:56
.
Före genomsökningen: 12 831 244 288 bytes free
Efter genomsökningen: 12 982 161 408 bytes free
.
- - End Of File - - 9F412B592046429404F0E7BBA825DFE4
A36C5E4F47E84449FF07ED3517B43A31
 

 

(It turned out in Swedish, just a heads up)

 

I don't have any antivirus or antispyware.



#9 CatByte


Posted 17 August 2014 - 10:38 AM

Please do the following:


Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/t/544331/i-need-help-with-something-strange/#entry3450254

collect::
c:\users\Hampus\AppData\Roaming\Skype\svchost.exe

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll 
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Keyboard Inf."=-

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download Malwarebytes Anti-Malware from here:
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and save it to your desktop.
• Double-click mbam-setup .exe file and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
○ Launch Malwarebytes Anti-Malware
○ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• When completed click the down arrow on Export Log and select Text file (*.txt)
• Save the file to your desktop as MBAM
• Click Apply Actions then restart your computer if requested
• Attach the MBAM.txt to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
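
An added example, not part of the original thread and not ComboFix's own logic: the CFScript in the post above collects a file named svchost.exe from a Skype profile folder, and a Windows system process name outside the Windows directories is a common masquerading indicator. The Python sketch below flags such paths in log text; the allow-list, the c:\windows install location and the sample lines marked as constructed are assumptions.

```python
import ntpath
import re

# Assumption: Windows is installed in c:\windows (as in the logs on this page).
SYSTEM32 = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
COMPONENT_STORE = "c:\\windows\\winsxs\\"  # side-by-side copies are legitimate

# Illustrative allow-list (an assumption, not exhaustive): system process
# names mapped to the only directories they are expected to live in.
EXPECTED_DIRS = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": {"c:\\windows\\system32"},
    "csrss.exe": {"c:\\windows\\system32"},
    "services.exe": {"c:\\windows\\system32"},
    "winlogon.exe": {"c:\\windows\\system32"},
    "explorer.exe": {"c:\\windows", "c:\\windows\\syswow64"},
}

# Drive-letter path ending in .exe; spaces are allowed inside the path, while
# quotes, ';' and '|' end it (they separate fields in ComboFix-style lines).
PATH_RE = re.compile(r'[A-Za-z]:\\[^";|<>*?\r\n]*?\.exe\b', re.IGNORECASE)


def normalise(path):
    """Lower-case the path and map the WOW64 alias SYSNATIVE to System32."""
    p = path.lower().replace("/", "\\")
    return p.replace("\\sysnative\\", "\\system32\\")


def find_masquerades(log_text):
    """Return (line number, path) for system-named .exe files in odd places."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for match in PATH_RE.finditer(line):
            directory, name = ntpath.split(normalise(match.group(0)))
            allowed = EXPECTED_DIRS.get(name)
            if allowed is None:
                continue  # not a name on the allow-list
            if directory in allowed or (directory + "\\").startswith(COMPONENT_STORE):
                continue  # expected location
            findings.append((lineno, match.group(0)))
    return findings


# Lines 2-4 are copied from the posts on this page; lines 5-6 are constructed
# to show that legitimate locations are not flagged.
SAMPLE_LOG = r"""collect::
c:\users\Hampus\AppData\Roaming\Skype\svchost.exe
"Spotify Web Helper"="c:\users\Hampus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-10 1178168]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ExampleSvc;Example;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
c:\windows\winsxs\amd64_example_component\svchost.exe
"""

if __name__ == "__main__":
    for lineno, path in find_masquerades(SAMPLE_LOG):
        print(f"line {lineno}: system process name in unexpected folder: {path}")
```

A hit is a lead for review, not a verdict: the file still needs to be checked (signature, hash, origin) before it is removed.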


#10 hample


Posted 17 August 2014 - 10:59 AM

ComboFix log:

 

ComboFix 14-08-15.01 - Hampus 2014-08-17  17:48:59.2.4 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.46.1033.18.8191.6319 [GMT 2:00]
Körs från: c:\users\Hampus\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Hampus\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hampus\AppData\Roaming\Skype\svchost.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((   Filer skapade från 2014-07-17 till 2014-08-17  ))))))))))))))))))))))))))))))
.
.
2014-08-17 15:52 . 2014-08-17 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-16 19:14 . 2014-08-16 19:15 -------- d-----w- C:\FRST
2014-08-14 13:37 . 2014-08-14 13:37 -------- d-----w- C:\91Mobile
2014-08-13 13:23 . 2014-08-13 13:23 -------- d-----w- c:\programdata\91 Harbor
2014-08-13 11:44 . 2014-01-17 11:03 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-08-07 22:03 . 2014-08-07 22:03 -------- d-----w- c:\programdata\REVOLT
2014-07-21 00:44 . 2014-06-16 06:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-07-21 00:44 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-07-21 00:44 . 2014-06-16 06:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-07-21 00:44 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-07-21 00:37 . 2014-08-07 12:00 -------- d-----w- c:\users\Hampus\AppData\Local\Samsung
2014-07-21 00:37 . 2014-08-07 12:00 -------- d-----w- c:\users\Hampus\AppData\Roaming\Samsung
2014-07-21 00:31 . 2014-04-30 17:43 144664 ----a-w- c:\windows\SysWow64\secman.dll
2014-07-21 00:31 . 2014-04-30 17:43 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2014-07-21 00:31 . 2014-08-14 13:58 -------- d-----w- c:\programdata\Samsung
2014-07-21 00:30 . 2014-07-21 00:30 -------- d-----w- c:\users\Hampus\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-15 22:06 . 2014-07-15 22:06 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Hampus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-10 1178168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Live! Central 3"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2011-04-08 503955]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"VirtualCloneDrive"="e:\hampleprograms\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"iTunesHelper"="e:\hampleprograms\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"QuickTime Task"="e:\hampleprograms\QuickTime\QTTask.exe" [2012-04-18 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;e:\ati technologies\ATI.ACE\Fuel\Fuel.Service.exe;e:\ati technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2;AODDriver4.2;e:\ati technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;e:\ati technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbmdm.sys [x]
S3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\Drivers\zmr16usbaudio.sys;c:\windows\SYSNATIVE\Drivers\zmr16usbaudio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 14:35 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 16:46]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 16:46]
.
.
--------- X64 Entries -----------
.
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-IL Download Manager - e:\image-line\Downloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Sluttid: 2014-08-17  17:55:12 - datorn startades om.
ComboFix-quarantined-files.txt  2014-08-17 15:55
ComboFix2.txt  2014-08-16 23:56
.
Före genomsökningen: 13 003 235 328 bytes free
Efter genomsökningen: 12 943 007 744 bytes free
.
- - End Of File - - 68ED71D357E00E953E91F5B8B54C1931
A36C5E4F47E84449FF07ED3517B43A31
 


#11 hample


Posted 17 August 2014 - 11:02 AM

...the file is submitted.



#12 CatByte


Posted 17 August 2014 - 11:18 AM

Very good, thanks.

Please move on to the Malwarebytes scan.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 hample


Posted 17 August 2014 - 11:21 AM

MBAM log (no threats found on the scan):

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2014-08-17
Scan Time: 18:08:41
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.17.04
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hampus
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303762
Time Elapsed: 5 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 CatByte


Posted 17 August 2014 - 11:24 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 hample


Posted 17 August 2014 - 11:32 AM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Hampus on 2014-08-17 at 18:27:27,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-08-17 at 18:30:51,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




