Multiple iexplore.exe infection


23 replies to this topic

#1 Accelerando


Posted 25 August 2014 - 03:35 PM

I have a Windows 7 64-bit computer and this problem just started today. I noticed that when I shut down my computer there were tons of IE windows that were being closed and it made me suspicious since I don't even use IE. When I rebooted my computer it was going real slow. I checked the task manager and noticed that there were a ton of iexplore.exe processes, well over 20 of them. I downloaded avast and Malwarebytes and I'm currently running a scan. Although avast keeps on saying it blocked malware, it still pops up more processes. The infection it shows is "JS:ScriptIP-inf [Trj]" which points to iexplore.exe along with "URL:Mal" which points to svchost.exe. Help me remove this asap please.


Edited by Accelerando, 25 August 2014 - 03:45 PM.



#2 aharonov


Posted 25 August 2014 - 03:50 PM

Hi there,

Please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Accelerando


Posted 25 August 2014 - 04:06 PM

TDSSKiller:

16:51:32.0376 0x0cb4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:51:46.0963 0x0cb4  ============================================================
16:51:46.0963 0x0cb4  Current date / time: 2014/08/25 16:51:46.0963
16:51:46.0963 0x0cb4  SystemInfo:
16:51:46.0963 0x0cb4  
16:51:46.0963 0x0cb4  OS Version: 6.1.7601 ServicePack: 1.0
16:51:46.0963 0x0cb4  Product type: Workstation
16:51:46.0963 0x0cb4  ComputerName: GEORGIE-PC
16:51:46.0963 0x0cb4  UserName: Georgie
16:51:46.0963 0x0cb4  Windows directory: C:\Windows
16:51:46.0964 0x0cb4  System windows directory: C:\Windows
16:51:46.0964 0x0cb4  Running under WOW64
16:51:46.0964 0x0cb4  Processor architecture: Intel x64
16:51:46.0964 0x0cb4  Number of processors: 4
16:51:46.0964 0x0cb4  Page size: 0x1000
16:51:46.0964 0x0cb4  Boot type: Normal boot
16:51:46.0964 0x0cb4  ============================================================
16:51:58.0273 0x0cb4  KLMD registered as C:\Windows\system32\drivers\60416341.sys
16:52:00.0118 0x0cb4  System UUID: {81B609AD-99A2-FE96-549F-A77D3D26A8E3}
16:52:02.0262 0x0cb4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:02.0362 0x0cb4  ============================================================
16:52:02.0362 0x0cb4  \Device\Harddisk0\DR0:
16:52:02.0397 0x0cb4  MBR partitions:
16:52:02.0397 0x0cb4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:52:02.0397 0x0cb4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:52:02.0397 0x0cb4  ============================================================
16:52:02.0767 0x0cb4  C: <-> \Device\Harddisk0\DR0\Partition2
16:52:02.0767 0x0cb4  ============================================================
16:52:02.0767 0x0cb4  Initialize success
16:52:02.0767 0x0cb4  ============================================================
16:52:30.0443 0x20c4  ============================================================
16:52:30.0443 0x20c4  Scan started
16:52:30.0443 0x20c4  Mode: Manual; SigCheck; TDLFS;
16:52:30.0443 0x20c4  ============================================================
16:52:30.0443 0x20c4  KSN ping started
16:52:33.0142 0x20c4  KSN ping finished: true
16:52:39.0561 0x20c4  ================ Scan system memory ========================
16:52:39.0561 0x20c4  System memory - ok
16:53:24.0336 0x20c4  [ ABE52EF9AF37C8D4FC67FDB9BE368142, 75B2787A0E45ED4801530D13381E596D1DB635D0A9C3FDFAB3951063048A5ECF ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
16:53:24.0345 0x20c4  iaStorF - ok
16:53:24.0629 0x20c4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:53:24.0638 0x20c4  iaStorV - ok
16:53:25.0075 0x20c4  [ 8F5031663CBB1A9922074E8E23151FFA, EF69CD92096291F5FC18550B2B6DBD4F61058603691F4BD3E61DEC97FD15E5FE ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
16:53:25.0104 0x20c4  ICCS - ok
16:53:25.0425 0x20c4  [ B9187F0E4F990357B9A5372066A40B57, BF9535335DAD8E26A3841FA07CFA937F9645AE4B1914C08C8029EDB020E8C694 ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
16:53:25.0443 0x20c4  ICCWDT - ok
16:53:25.0999 0x20c4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:53:26.0012 0x20c4  idsvc - ok
16:53:26.0024 0x20c4  IEEtwCollectorService - ok
16:53:26.0315 0x20c4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:53:26.0338 0x20c4  iirsp - ok
16:53:26.0492 0x20c4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
16:53:26.0626 0x20c4  IKEEXT - ok
16:53:27.0346 0x20c4  [ 5B301323F69E653CEFE6C14C86627FCA, 2B462CA6C3E1AFB21C41A4C46E4853B0C1DBBF481654C08C1E540001FC0839CC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:53:27.0393 0x20c4  IntcAzAudAddService - ok
16:53:27.0817 0x20c4  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
16:53:27.0850 0x20c4  Intel® Capability Licensing Service TCP IP Interface - ok
16:53:28.0066 0x20c4  [ E42505363945956ECB5D38A4EB21CB39, C6A46A7621721EB1EA46E5F7D2E560D8022A97241F0792814015F803D96A2C92 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
16:53:28.0094 0x20c4  Intel® PROSet Monitoring Service - ok
16:53:28.0204 0x20c4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:53:28.0208 0x20c4  intelide - ok
16:53:28.0516 0x20c4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:53:28.0659 0x20c4  intelppm - ok
16:53:28.0823 0x20c4  [ 6D71CC813AC0963C5C78C19EC656048A, E6D7AA29A5860C7FB8AA76A47BF64C12D7E68CF98EABB7A3F9D9F3A918155FA7 ] iocbios2        C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys
16:53:28.0828 0x20c4  iocbios2 - ok
16:53:28.0920 0x20c4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:53:29.0029 0x20c4  IPBusEnum - ok
16:53:29.0176 0x20c4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:29.0233 0x20c4  IpFilterDriver - ok
16:53:29.0487 0x20c4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:53:29.0500 0x20c4  iphlpsvc - ok
16:53:29.0510 0x20c4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:53:29.0710 0x20c4  IPMIDRV - ok
16:53:29.0886 0x20c4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:53:30.0089 0x20c4  IPNAT - ok
16:53:30.0225 0x20c4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:53:30.0232 0x20c4  IRENUM - ok
16:53:30.0332 0x20c4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:53:30.0469 0x20c4  isapnp - ok
16:53:30.0620 0x20c4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:53:30.0642 0x20c4  iScsiPrt - ok
16:53:30.0929 0x20c4  [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
16:53:30.0935 0x20c4  iusb3hcs - ok
16:53:31.0095 0x20c4  [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
16:53:31.0102 0x20c4  iusb3hub - ok
16:53:31.0579 0x20c4  [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
16:53:31.0592 0x20c4  iusb3xhc - ok
16:53:31.0816 0x20c4  [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
16:53:31.0836 0x20c4  jhi_service - ok
16:53:32.0002 0x20c4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:32.0020 0x20c4  kbdclass - ok
16:53:32.0153 0x20c4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:32.0326 0x20c4  kbdhid - ok
16:53:32.0352 0x20c4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
16:53:32.0380 0x20c4  KeyIso - ok
16:53:32.0461 0x20c4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:53:32.0466 0x20c4  KSecDD - ok
16:53:32.0501 0x20c4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:53:32.0507 0x20c4  KSecPkg - ok
16:53:32.0715 0x20c4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:53:32.0866 0x20c4  ksthunk - ok
16:53:33.0030 0x20c4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:53:33.0212 0x20c4  KtmRm - ok
16:53:33.0688 0x20c4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:53:33.0915 0x20c4  LanmanServer - ok
16:53:34.0054 0x20c4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:53:34.0103 0x20c4  LanmanWorkstation - ok
16:53:34.0598 0x20c4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:53:34.0697 0x20c4  lltdio - ok
16:53:34.0871 0x20c4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:53:34.0915 0x20c4  lltdsvc - ok
16:53:35.0032 0x20c4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:53:35.0077 0x20c4  lmhosts - ok
16:53:35.0469 0x20c4  [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:53:35.0497 0x20c4  LMS - ok
16:53:35.0637 0x20c4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:53:35.0653 0x20c4  LSI_FC - ok
16:53:35.0855 0x20c4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:53:36.0028 0x20c4  LSI_SAS - ok
16:53:36.0194 0x20c4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:53:36.0297 0x20c4  LSI_SAS2 - ok
16:53:36.0718 0x20c4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:53:36.0745 0x20c4  LSI_SCSI - ok
16:53:37.0552 0x20c4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:53:38.0055 0x20c4  luafv - ok
16:53:38.0222 0x20c4  [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
16:53:38.0229 0x20c4  LVRS64 - ok
16:53:38.0411 0x20c4  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
16:53:38.0432 0x20c4  MBAMSwissArmy - ok
16:53:38.0495 0x20c4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:53:38.0512 0x20c4  Mcx2Svc - ok
16:53:38.0585 0x20c4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:53:38.0598 0x20c4  megasas - ok
16:53:38.0687 0x20c4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:53:38.0709 0x20c4  MegaSR - ok
16:53:38.0922 0x20c4  [ 9042E630FE102F1A2436EE05857CD139, 96C855824E46E2863EBC4A70FC195A14BD9FDD35107358B83D6C3CD01C522F3C ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
16:53:38.0944 0x20c4  MEIx64 - ok
16:53:39.0217 0x20c4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:53:39.0369 0x20c4  MMCSS - ok
16:53:39.0443 0x20c4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:53:39.0582 0x20c4  Modem - ok
16:53:39.0839 0x20c4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:53:39.0946 0x20c4  monitor - ok
16:53:40.0139 0x20c4  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
16:53:40.0163 0x20c4  MotioninJoyXFilter - ok
16:53:40.0234 0x20c4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:53:40.0254 0x20c4  mouclass - ok
16:53:40.0407 0x20c4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:53:40.0468 0x20c4  mouhid - ok
16:53:40.0496 0x20c4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:53:40.0501 0x20c4  mountmgr - ok
16:53:40.0752 0x20c4  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:53:40.0773 0x20c4  MozillaMaintenance - ok
16:53:40.0852 0x20c4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:53:40.0881 0x20c4  mpio - ok
16:53:41.0109 0x20c4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:53:41.0158 0x20c4  mpsdrv - ok
16:53:41.0491 0x20c4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:53:41.0524 0x20c4  MpsSvc - ok
16:53:41.0679 0x20c4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:53:41.0706 0x20c4  MRxDAV - ok
16:53:41.0868 0x20c4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:41.0948 0x20c4  mrxsmb - ok
16:53:42.0106 0x20c4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:42.0118 0x20c4  mrxsmb10 - ok
16:53:42.0136 0x20c4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:42.0142 0x20c4  mrxsmb20 - ok
16:53:42.0202 0x20c4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:53:42.0213 0x20c4  msahci - ok
16:53:42.0260 0x20c4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:53:42.0270 0x20c4  msdsm - ok
16:53:42.0395 0x20c4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:53:42.0518 0x20c4  MSDTC - ok
16:53:42.0685 0x20c4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:53:42.0701 0x20c4  Msfs - ok
16:53:42.0718 0x20c4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:53:42.0734 0x20c4  mshidkmdf - ok
16:53:42.0780 0x20c4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:53:42.0785 0x20c4  msisadrv - ok
16:53:42.0861 0x20c4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:53:42.0879 0x20c4  MSiSCSI - ok
16:53:42.0880 0x20c4  msiserver - ok
16:53:42.0941 0x20c4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:53:42.0985 0x20c4  MSKSSRV - ok
16:53:43.0043 0x20c4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:43.0058 0x20c4  MSPCLOCK - ok
16:53:43.0103 0x20c4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:53:43.0161 0x20c4  MSPQM - ok
16:53:43.0308 0x20c4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:53:43.0353 0x20c4  MsRPC - ok
16:53:43.0499 0x20c4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:53:43.0510 0x20c4  mssmbios - ok
16:53:43.0611 0x20c4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:53:43.0658 0x20c4  MSTEE - ok
16:53:43.0721 0x20c4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:53:43.0726 0x20c4  MTConfig - ok
16:53:43.0763 0x20c4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:53:43.0768 0x20c4  Mup - ok
16:53:43.0978 0x20c4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:53:44.0036 0x20c4  napagent - ok
16:53:44.0279 0x20c4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:53:44.0354 0x20c4  NativeWifiP - ok
16:53:44.0474 0x20c4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:53:44.0489 0x20c4  NDIS - ok
16:53:44.0590 0x20c4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:44.0606 0x20c4  NdisCap - ok
16:53:44.0885 0x20c4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:44.0923 0x20c4  NdisTapi - ok
16:53:45.0155 0x20c4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:45.0425 0x20c4  Ndisuio - ok
16:53:45.0472 0x20c4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:45.0517 0x20c4  NdisWan - ok
16:53:45.0541 0x20c4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:53:45.0557 0x20c4  NDProxy - ok
16:53:45.0872 0x20c4  [ A95A292AE79C042E1217A5475D2772A9, 6E63B68A114EE688A9909F197AC629CD454D1F961CD68C147E0CD9EB57D22F97 ] Neo_VPN         C:\Windows\system32\DRIVERS\Neo_0084.sys
16:53:45.0878 0x20c4  Neo_VPN - ok
16:53:46.0060 0x20c4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:53:46.0271 0x20c4  NetBIOS - ok
16:53:46.0468 0x20c4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:53:46.0525 0x20c4  NetBT - ok
16:53:46.0538 0x20c4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
16:53:46.0543 0x20c4  Netlogon - ok
16:53:46.0939 0x20c4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
16:53:46.0983 0x20c4  Netman - ok
16:53:47.0496 0x20c4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:47.0666 0x20c4  NetMsmqActivator - ok
16:53:48.0029 0x20c4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:48.0060 0x20c4  NetPipeActivator - ok
16:53:48.0269 0x20c4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
16:53:48.0318 0x20c4  netprofm - ok
16:53:48.0355 0x20c4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:48.0372 0x20c4  NetTcpActivator - ok
16:53:48.0432 0x20c4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:48.0455 0x20c4  NetTcpPortSharing - ok
16:53:48.0571 0x20c4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:53:48.0595 0x20c4  nfrd960 - ok
16:53:48.0827 0x20c4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:53:48.0912 0x20c4  NlaSvc - ok
16:53:49.0164 0x20c4  [ C31FA031335EFF434B2D94278E74BCCE, F5DFD40C16E4013CBAD0E4FB8EF2B4419702B9C215218F69C4A2DD7C4C4C1E2B ] NPF             C:\Windows\system32\DRIVERS\npf.sys
16:53:49.0184 0x20c4  NPF - ok
16:53:49.0312 0x20c4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:53:49.0359 0x20c4  Npfs - ok
16:53:49.0721 0x20c4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
16:53:49.0773 0x20c4  nsi - ok
16:53:49.0869 0x20c4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:53:50.0008 0x20c4  nsiproxy - ok
16:53:50.0421 0x20c4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:53:50.0443 0x20c4  Ntfs - ok
16:53:50.0588 0x20c4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
16:53:50.0644 0x20c4  Null - ok
16:53:50.0884 0x20c4  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:53:50.0908 0x20c4  NVHDA - ok
16:53:54.0086 0x20c4  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:53:54.0232 0x20c4  nvlddmkm - ok
16:53:55.0008 0x20c4  [ D6310F79E51D1F997E964E81DD368AEA, 27D0159F45C712C6165FDB9F40823438225555E71BB01E3B55F5B5D7BE15D389 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:53:55.0037 0x20c4  NvNetworkService - ok
16:53:55.0287 0x20c4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:53:55.0316 0x20c4  nvraid - ok
16:53:55.0831 0x20c4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:53:55.0859 0x20c4  nvstor - ok
16:53:56.0413 0x20c4  [ 0FB368E71D9F178BCFC7F0BBA317FECA, 97FA87219E95ED53B5E0B0D3305326DD950EE5CEECDC051E7DC7E9BA05CEB214 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:53:56.0433 0x20c4  NvStreamKms - ok
16:53:59.0041 0x20c4  [ AEC2796DF28AB7494A0C688E40D7B38C, B5B495259489B7A49EA4243EEF13BF598EC5791E0FD59FAB4227C906D635D09E ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:53:59.0836 0x20c4  NvStreamSvc - ok
16:54:00.0385 0x20c4  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:54:00.0436 0x20c4  nvsvc - ok
16:54:00.0621 0x20c4  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:54:00.0639 0x20c4  nvvad_WaveExtensible - ok
16:54:00.0692 0x20c4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:54:00.0697 0x20c4  nv_agp - ok
16:54:00.0760 0x20c4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:54:00.0787 0x20c4  ohci1394 - ok
16:54:01.0043 0x20c4  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:54:01.0048 0x20c4  ose - ok
16:54:01.0169 0x20c4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:54:01.0271 0x20c4  p2pimsvc - ok
16:54:01.0667 0x20c4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
16:54:01.0697 0x20c4  p2psvc - ok
16:54:01.0759 0x20c4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
16:54:01.0790 0x20c4  Parport - ok
16:54:01.0877 0x20c4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:54:01.0902 0x20c4  partmgr - ok
16:54:01.0937 0x20c4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:54:02.0128 0x20c4  PcaSvc - ok
16:54:02.0362 0x20c4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
16:54:02.0368 0x20c4  pci - ok
16:54:02.0420 0x20c4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:54:02.0441 0x20c4  pciide - ok
16:54:02.0512 0x20c4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:54:02.0545 0x20c4  pcmcia - ok
16:54:02.0581 0x20c4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:54:02.0604 0x20c4  pcw - ok
16:54:02.0831 0x20c4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:54:03.0011 0x20c4  PEAUTH - ok
16:54:51.0361 0x20c4  wuauserv - ok
16:54:51.0517 0x20c4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:54:51.0581 0x20c4  WudfPf - ok
16:54:51.0758 0x20c4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:54:51.0846 0x20c4  WUDFRd - ok
16:54:52.0068 0x20c4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:54:52.0152 0x20c4  wudfsvc - ok
16:54:52.0406 0x20c4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:54:52.0584 0x20c4  WwanSvc - ok
16:54:52.0886 0x20c4  [ 828896BF9BCB414BA583BC7879E35ACB, 2C9275ABE259101F79B000673A56F090E4C67D276A8F82E1F218E896479DDDCA ] XTU3SERVICE     C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
16:54:52.0907 0x20c4  XTU3SERVICE - ok
16:54:52.0936 0x20c4  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
16:54:52.0947 0x20c4  xusb21 - ok
16:54:53.0166 0x20c4  ================ Scan global ===============================
16:54:53.0456 0x20c4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:54:53.0592 0x20c4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:54:53.0699 0x20c4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:54:53.0792 0x20c4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:54:54.0126 0x20c4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:54:54.0148 0x20c4  [ Global ] - ok
16:54:54.0148 0x20c4  ================ Scan MBR ==================================
16:54:54.0186 0x20c4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:55:08.0881 0x20c4  \Device\Harddisk0\DR0 - ok
16:55:08.0882 0x20c4  ================ Scan VBR ==================================
16:55:08.0926 0x20c4  [ 6BFD4B72FEAAB966FFA250B2594C8191 ] \Device\Harddisk0\DR0\Partition1
16:55:09.0121 0x20c4  \Device\Harddisk0\DR0\Partition1 - ok
16:55:09.0181 0x20c4  [ F90CF641855E25491E1EA7B38027FDDA ] \Device\Harddisk0\DR0\Partition2
16:55:09.0433 0x20c4  \Device\Harddisk0\DR0\Partition2 - ok
16:55:09.0433 0x20c4  ================ Scan generic autorun ======================
16:55:09.0610 0x20c4  [ C9900177A954E22C84A696075A40A173, 33E32173FF811DF1B687916CB3CADAE2907DAF5AC4B80F559039D3B61553C48F ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
16:55:09.0620 0x20c4  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
16:55:19.0689 0x20c4  IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
16:55:24.0434 0x20c4  [ 1446A63306CEC57C8EFE6F4B079D2AF2, 6C9E9539D19DF20474D563637786B6B457DE92A951CFF767797386C9B8285233 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
16:55:24.0523 0x20c4  RTHDVCPL - ok
16:55:24.0915 0x20c4  [ C56AEF21A76A6E2BB36A384B2C96389F, A9C8B90631AB4BBFEAABDE3D854283C5073B8786A263B941FF631531F30B7F9A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
16:55:24.0948 0x20c4  NvBackend - ok
16:55:25.0026 0x20c4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
16:55:25.0141 0x20c4  ShadowPlay - ok
16:55:26.0485 0x20c4  [ D6963D2EFF69D97C229C503F24366A38, 3B1F730DA7CA08980B69A15265F59BBC55CCE57875C639A45EDC822D2EB73F5E ] C:\Program Files (x86)\SoftEther VPN Client\vpnclient_x64.exe
16:55:26.0535 0x20c4  SoftEther VPN Client UI Helper - ok
16:55:26.0707 0x20c4  [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
16:55:26.0733 0x20c4  USB3MON - ok
16:55:26.0902 0x20c4  [ 8A6683AC1DAFA824615BB3857EF8C709, 3E0C4A19E9DC29D74DBCE53A58E5E196BBA2D4603C9D0CDE73FACE6C214A4154 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
16:55:26.0905 0x20c4  Adobe Reader Speed Launcher - ok
16:55:27.0511 0x20c4  [ BAD6BEA0DE1F69C82BDB74378CE0C20A, ADA84B75173E9D03C180B527E31475ACA16CB19532C3EDA11357BD37049927E3 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:55:27.0538 0x20c4  Adobe ARM - ok
16:55:27.0989 0x20c4  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:55:28.0018 0x20c4  SunJavaUpdateSched - ok
16:55:29.0376 0x20c4  [ 26AFC1F16494FFE66F2197153B342A27, 817436E38F832500E120F196941F2F8392B192262E16D5E52CD5DFAC34749C15 ] C:\Program Files (x86)\AVAST\AvastUI.exe
16:55:29.0426 0x20c4  AvastUI.exe - ok
16:55:29.0913 0x20c4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:55:30.0214 0x20c4  Sidebar - ok
16:55:30.0277 0x20c4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:55:30.0323 0x20c4  mctadmin - ok
16:55:30.0462 0x20c4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
16:55:30.0500 0x20c4  Sidebar - ok
16:55:30.0515 0x20c4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
16:55:30.0529 0x20c4  mctadmin - ok
16:55:30.0881 0x20c4  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
16:55:30.0925 0x20c4  DAEMON Tools Lite - ok
16:55:31.0402 0x20c4  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
16:55:31.0435 0x20c4  HP Officejet 6600 (NET) - ok
16:55:31.0479 0x20c4  RGSC - ok
16:55:32.0133 0x20c4  [ B6EF24044DD4794240E914AB4CDB255B, 96FB13F26538B47345DC51F5BF89F29F2AC292C096EE83CE7F0A45F464A5642A ] C:\Program Files (x86)\Gyazo\GyStation.exe
16:55:32.0169 0x20c4  Gyazo - ok
16:55:32.0872 0x20c4  [ F77E0B5C07B77E258F7F67A01487DC8C, C83ADF1CA2D4BE14ADF0C847C77BC66D4F042E9D9EC4F38D9CA9EBA9A7617517 ] C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe
16:55:32.0945 0x20c4  ChromeUpdate - detected UnsignedFile.Multi.Generic ( 1 )
16:55:35.0704 0x20c4  Detect turned to UDS exact due to KSN untrusted
16:55:35.0704 0x20c4  ChromeUpdate ( UDS:DangerousObject.Multi.Generic ) - infected
16:55:35.0704 0x20c4  Force sending object to P2P due to detect: C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe
16:55:40.0014 0x20c4  Object send P2P result: true
16:55:43.0113 0x20c4  [ 90891933B128EFDA6FBFC9CCC3DC4BD7, B056CCA76B59E2D12C5259C2C945BBDCB993DA604116CC6EC527C66B5E2976E7 ] C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe
16:55:43.0182 0x20c4  GoogleUpdate - detected UnsignedFile.Multi.Generic ( 1 )
16:55:46.0160 0x20c4  GoogleUpdate ( UnsignedFile.Multi.Generic ) - warning
16:55:46.0160 0x20c4  Force sending object to P2P due to detect: C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe
16:55:50.0356 0x20c4  Object send P2P result: true
16:55:53.0471 0x20c4  AV detected via SS2: avast! Antivirus, C:\Program Files (x86)\AVAST\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
16:55:53.0661 0x20c4  Win FW state via NFP2: enabled
16:55:56.0458 0x20c4  ============================================================
16:55:56.0458 0x20c4  Scan finished
16:55:56.0458 0x20c4  ============================================================
16:55:56.0475 0x0d48  Detected object count: 3
16:55:56.0475 0x0d48  Actual detected object count: 3
16:56:19.0523 0x0d48  IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:19.0523 0x0d48  IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:56:19.0523 0x0d48  ChromeUpdate ( UDS:DangerousObject.Multi.Generic ) - skipped by user
16:56:19.0523 0x0d48  ChromeUpdate ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
16:56:19.0524 0x0d48  GoogleUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:19.0524 0x0d48  GoogleUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#4 Accelerando

Posted 25 August 2014 - 04:08 PM

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Georgie at 2014-08-25 17:02:31
Running from C:\Users\Georgie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Severance: Blade of Darkness» 1.01 (HKLM-x32\...\Severance - Blade of Darkness_is1) (Version: 1.01 - R.G. Catalyst)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
Action! (HKLM-x32\...\{7A9DEE45-1F8D-4D1A-A9EA-F0108DAE6FEC}) (Version: 1.9.0 - Mirillis)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Blender NIF Scripts (remove only) (HKLM-x32\...\BlenderNIFScripts) (Version:  - )
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
gogrisen (HKLM\...\{6bd41b13-a359-4b67-811b-48b41f7a63ef}.sdb) (Version:  - )
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA IV Vehicle Mod Installer v1.3 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.3_is1) (Version:  - MobileD2)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel Extreme Tuning Utility (HKLM-x32\...\{a6e81627-a651-408c-8fb6-19a078070830}) (Version: 5.1.0.23 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.1.0.23 - Intel Corporation) Hidden
Intel® Chipset Device Software (Version: 10.0.14 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1036 - Intel Corporation)
Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (Version: 10.0.25.1036 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 13.0.3.1001 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.3 - NETGEAR)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PyFFI 2.1.10 (HKLM-x32\...\PyFFI) (Version: 2.1.10 - Amorilia <amorilia@users.sourceforge.net>)
Python 2.6 PyFFI-2.1.10 (HKLM-x32\...\PyFFI-py2.6) (Version:  - Python File Format Interface)
Python 2.6.6 (HKLM-x32\...\{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}) (Version: 2.6.6150 - Python Software Foundation)
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen (HKLM-x32\...\GOGPACKRISEN_is1) (Version: 2.0.0.6 - GOG.com)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-08-2014 07:39:48 Device Driver Package Install: SoftEther VPN Project Network adapters
24-08-2014 22:28:55 Installed Morrowind
24-08-2014 22:30:47 Installed TES Construction Set
24-08-2014 22:32:13 Installed Tribunal
24-08-2014 22:33:33 Installed Bloodmoon
25-08-2014 19:37:19 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {440F537D-C9E4-4A2D-9E4C-A00FBE05FFAA} - System32\Tasks\avast! Emergency Update => C:\Program Files (x86)\AVAST\AvastEmUpdate.exe [2014-08-25] (AVAST Software)
Task: {8419F6D9-FBFF-4F9B-85EF-499FE4B5563C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {C1A60B9E-8AF3-4468-8688-1E02F190D54B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CE55CAAF-C66D-455D-ADBA-E3EB1BE2F5EF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2014-07-31 03:14 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-31 03:20 - 2014-01-27 23:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-07-31 03:48 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-08-04 22:11 - 2014-04-21 18:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-07-31 03:48 - 2013-12-09 17:01 - 08385240 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-07-31 03:20 - 2014-08-25 15:03 - 00036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-07-31 03:20 - 2014-01-27 23:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-07-31 03:48 - 2013-12-05 14:00 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-07-31 03:48 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-31 05:44 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-25 15:43 - 2014-08-25 15:43 - 00301152 _____ () C:\Program Files (x86)\AVAST\aswProperty.dll
2014-08-25 15:44 - 2014-08-25 15:44 - 02801152 _____ () C:\Program Files (x86)\AVAST\defs\14082501\algo.dll
2014-08-25 15:43 - 2014-08-25 15:43 - 19329904 _____ () C:\Program Files (x86)\AVAST\libcef.dll
2014-08-23 15:51 - 2014-08-23 15:51 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C008
Sku Id=9f83d90f-a151-4665-ae69-30b3f63ec659

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C008

Error: (08/25/2014 03:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perfmon.exe, version: 6.1.7601.17514, time stamp: 0x4ce7972c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000053290
Faulting process id: 0x2c6c
Faulting application start time: 0xperfmon.exe0
Faulting application path: perfmon.exe1
Faulting module path: perfmon.exe2
Report Id: perfmon.exe3

Error: (08/25/2014 03:04:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 08:48:40 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C008
Sku Id=9f83d90f-a151-4665-ae69-30b3f63ec659


System errors:
=============
Error: (08/25/2014 04:46:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/25/2014 03:10:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 10:48:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/25/2014 10:47:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNDA3100v2 service.

Error: (08/23/2014 04:51:25 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0089f83d90f-a151-4665-ae69-30b3f63ec659

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C008

Error: (08/25/2014 03:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfmon.exe6.1.7601.175144ce7972cntdll.dll6.1.7601.18247521eaf24c000000500000000000532902c6c01cfc099d1b41a66C:\Windows\System32\perfmon.exeC:\Windows\SYSTEM32\ntdll.dll9d1224d0-2c8d-11e4-90f1-00ac11558e60

Error: (08/25/2014 03:04:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 08:48:40 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0089f83d90f-a151-4665-ae69-30b3f63ec659


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8131.99 MB
Available physical RAM: 5085.32 MB
Total Pagefile: 16262.16 MB
Available Pagefile: 12668.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:621.33 GB) NTFS
Drive f: (Morrowind) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C776BEE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Accelerando

  • Topic Starter
  • Members

Posted 25 August 2014 - 04:10 PM

FRST is too long to be posted so I put it in a pastebin

http://pastebin.com/Mtt5fphU



#6 aharonov

  • Malware Response Team

Posted 25 August 2014 - 04:59 PM

Ok.


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#7 Accelerando

  • Topic Starter
  • Members

Posted 25 August 2014 - 05:36 PM

The iexplore.exe seems to be gone now and I'm not getting any blocks from svchost.exe although it seems like I still have an unusual amount of svchost.exe processes unless it's normal to have 13 different processes from all users (even though I'm the only one).

 

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Georgie at 2014-08-25 18:00:31 Run:1
Running from C:\Users\Georgie\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: taskkill /f /t /im iexplore.exe
HKU\S-1-5-21-375173307-3237176242-2681030609-1000\...\Run: [ChromeUpdate] => C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe [397312 2014-08-25] ()
HKU\S-1-5-21-375173307-3237176242-2681030609-1000\...\Run: [GoogleUpdate] => C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe [150528 2014-08-25] (Google Inc.)
C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe
C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe
HKU\S-1-5-21-375173307-3237176242-2681030609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ChromeUpdate] => C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe [397312 2014-08-25] ()
HKU\S-1-5-21-375173307-3237176242-2681030609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleUpdate] => C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe [150528 2014-08-25] (Google Inc.)
2014-08-25 09:54 - 2014-08-25 16:06 - 00000000 _____ () C:\ProgramData\@system.att
2014-08-25 09:54 - 2014-08-25 15:04 - 00000601 _____ () C:\ProgramData\@system2.att
2014-08-25 09:53 - 2014-08-25 16:57 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-08-25 09:53 - 2014-08-25 16:18 - 00000000 ___HD () C:\c5f01a0
EmptyTemp:
*****************


=========  taskkill /f /t /im iexplore.exe =========

SUCCESS: The process with PID 1372 (child process of PID 10292) has been terminated.
SUCCESS: The process with PID 1796 (child process of PID 10292) has been terminated.
SUCCESS: The process with PID 10292 (child process of PID 2380) has been terminated.

========= End of CMD: =========

HKU\S-1-5-21-375173307-3237176242-2681030609-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ChromeUpdate => value deleted successfully.
HKU\S-1-5-21-375173307-3237176242-2681030609-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate => value deleted successfully.
C:\Users\Georgie\AppData\Roaming\ChromeUpdate.exe => Moved successfully.
C:\Users\Georgie\AppData\Roaming\GoogleUpdate.exe => Moved successfully.
HKU\S-1-5-21-375173307-3237176242-2681030609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\ChromeUpdate => value deleted successfully.
HKU\S-1-5-21-375173307-3237176242-2681030609-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate => value deleted successfully.
C:\ProgramData\@system.att => Moved successfully.
C:\ProgramData\@system2.att => Moved successfully.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
C:\c5f01a0 => Moved successfully.
EmptyTemp: => Removed 51.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Georgie at 2014-08-25 18:32:57
Running from C:\Users\Georgie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Severance: Blade of Darkness» 1.01 (HKLM-x32\...\Severance - Blade of Darkness_is1) (Version: 1.01 - R.G. Catalyst)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
Action! (HKLM-x32\...\{7A9DEE45-1F8D-4D1A-A9EA-F0108DAE6FEC}) (Version: 1.9.0 - Mirillis)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Blender NIF Scripts (remove only) (HKLM-x32\...\BlenderNIFScripts) (Version:  - )
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
gogrisen (HKLM\...\{6bd41b13-a359-4b67-811b-48b41f7a63ef}.sdb) (Version:  - )
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA IV Vehicle Mod Installer v1.3 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.3_is1) (Version:  - MobileD2)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel Extreme Tuning Utility (HKLM-x32\...\{a6e81627-a651-408c-8fb6-19a078070830}) (Version: 5.1.0.23 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.1.0.23 - Intel Corporation) Hidden
Intel® Chipset Device Software (Version: 10.0.14 - Intel Corporation) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1036 - Intel Corporation)
Intel® Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (Version: 10.0.25.1036 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 13.0.3.1001 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.3 - NETGEAR)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PyFFI 2.1.10 (HKLM-x32\...\PyFFI) (Version: 2.1.10 - Amorilia <amorilia@users.sourceforge.net>)
Python 2.6 PyFFI-2.1.10 (HKLM-x32\...\PyFFI-py2.6) (Version:  - Python File Format Interface)
Python 2.6.6 (HKLM-x32\...\{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}) (Version: 2.6.6150 - Python Software Foundation)
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen (HKLM-x32\...\GOGPACKRISEN_is1) (Version: 2.0.0.6 - GOG.com)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmoothVideo Project version 3.1.6 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.6 - SVP)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-08-2014 07:39:48 Device Driver Package Install: SoftEther VPN Project Network adapters
24-08-2014 22:28:55 Installed Morrowind
24-08-2014 22:30:47 Installed TES Construction Set
24-08-2014 22:32:13 Installed Tribunal
24-08-2014 22:33:33 Installed Bloodmoon
25-08-2014 19:37:19 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {440F537D-C9E4-4A2D-9E4C-A00FBE05FFAA} - System32\Tasks\avast! Emergency Update => C:\Program Files (x86)\AVAST\AvastEmUpdate.exe [2014-08-25] (AVAST Software)
Task: {8419F6D9-FBFF-4F9B-85EF-499FE4B5563C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {C1A60B9E-8AF3-4468-8688-1E02F190D54B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CE55CAAF-C66D-455D-ADBA-E3EB1BE2F5EF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2014-07-31 03:14 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-31 03:20 - 2014-01-27 23:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-07-31 03:48 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-08-04 22:11 - 2014-04-21 18:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-07-31 03:48 - 2013-12-09 17:01 - 08385240 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-07-31 04:28 - 2014-07-25 10:02 - 00699680 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-07-31 04:28 - 2014-07-25 10:02 - 00855328 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-08-25 15:43 - 2014-08-25 15:43 - 00301152 _____ () C:\Program Files (x86)\AVAST\aswProperty.dll
2014-08-25 15:44 - 2014-08-25 15:44 - 02801152 _____ () C:\Program Files (x86)\AVAST\defs\14082501\algo.dll
2014-07-31 03:20 - 2014-08-25 18:29 - 00036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-07-31 03:20 - 2014-01-27 23:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-07-31 03:48 - 2013-12-05 14:00 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-07-31 03:48 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-08-25 15:43 - 2014-08-25 15:43 - 19329904 _____ () C:\Program Files (x86)\AVAST\libcef.dll
2014-07-31 05:44 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 06:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C008
Sku Id=9f83d90f-a151-4665-ae69-30b3f63ec659

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C008

Error: (08/25/2014 03:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perfmon.exe, version: 6.1.7601.17514, time stamp: 0x4ce7972c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000053290
Faulting process id: 0x2c6c
Faulting application start time: 0xperfmon.exe0
Faulting application path: perfmon.exe1
Faulting module path: perfmon.exe2
Report Id: perfmon.exe3

Error: (08/25/2014 03:04:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]


System errors:
=============
Error: (08/25/2014 06:30:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/25/2014 06:30:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/25/2014 04:46:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/25/2014 03:10:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 03:03:55 PM) (Source: DCOM) (EventID: 10016) (User: Georgie-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}Georgie-PCGeorgieS-1-5-21-375173307-3237176242-2681030609-1000LocalHost (Using LRPC)

Error: (08/25/2014 10:48:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (08/25/2014 06:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0089f83d90f-a151-4665-ae69-30b3f63ec659

Error: (08/25/2014 04:24:33 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00800010001(0x00000000, 16:24:32:948 - http://go.microsoft.com/fwlink/?LinkID=88341)
00020001(0x00000000, 16:24:32:948)
00030001(0x00000000, 16:24:32:948 - http://go.microsoft.com)
00030002(0x00000000, 16:24:32:948 - 1)
00020005(0x00000000, 16:24:32:948 - 0)
0002000C(0x00000000, 16:24:33:034 - 302)
0002000E(0x00000000, 16:24:33:034 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx)
00020001(0x00000000, 16:24:33:034)
00030001(0x00000000, 16:24:33:034 - https://activation.sls.microsoft.com)
00030002(0x00000000, 16:24:33:034 - 1)
00020005(0x00000000, 16:24:33:034 - 0)
0002000C(0x00000000, 16:24:33:308 - 500)
00010002(0x8004FC01, 16:24:33:308 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C008</HRESULT><Messages><Message>113 (Activation) - [PA Maximum unlock exceeded.  ---&gt; Maximum unlock exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 16:24:33:308)

Error: (08/25/2014 03:25:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfmon.exe6.1.7601.175144ce7972cntdll.dll6.1.7601.18247521eaf24c000000500000000000532902c6c01cfc099d1b41a66C:\Windows\System32\perfmon.exeC:\Windows\SYSTEM32\ntdll.dll9d1224d0-2c8d-11e4-90f1-00ac11558e60

Error: (08/25/2014 03:04:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (08/25/2014 03:03:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8131.99 MB
Available physical RAM: 6070.03 MB
Total Pagefile: 16262.16 MB
Available Pagefile: 14128.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:672.44 GB) NTFS
Drive f: (Morrowind) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C776BEE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 Accelerando

Accelerando
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 25 August 2014 - 05:38 PM

FRST was too big again, had to put it into another pastebin.

http://pastebin.com/4Xz8VLad



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 26 August 2014 - 03:49 AM

Ok, it's looking better already.


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 Accelerando

Accelerando
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 August 2014 - 01:39 PM

It looks like I got a ton of viruses and whatnot. But it also looks like a lot of them are false positives.

 

Once again, too big for reply. Put on pastebin.

 

http://pastebin.com/VjKi7tyB



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 26 August 2014 - 03:47 PM

These are just all those information files that the encryption malware that has hit you has put in all folders.
But ESET hasn't found any active malware. How is your computer running? Are there any symptoms or problems left?

#12 Accelerando

Accelerando
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 August 2014 - 04:00 PM

Computer is running just fine. No issues at all. What even caused this malware to come onto my system? I think I have an idea but not entirely sure.



#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 26 August 2014 - 04:34 PM

It's not easy to tell what the cause was. What is your suspicion about it?

#14 Accelerando

Accelerando
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 August 2014 - 04:46 PM

Connecting to multiple VPNs using SoftEther. That's all I can think of.

 

But my computer is fine now. Thanks for the help aharonov.



#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 26 August 2014 - 05:09 PM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.0.1)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.
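
An added example, not part of the original thread: one way to follow up on the "Closing security holes" advice is to read the Windows uninstall registry keys and report every installed version of the programs you care about, so that leftover old versions stand out. The watch list and the minimum version in it are assumptions; `0.0.0` is a placeholder to replace with the vendor's current release.

```powershell
# Added example: audit installed versions of watched programs.
# Watch list and minimum versions are assumptions, not values from the thread.
$watch = @{
    'Adobe Reader' = '0.0.0'   # placeholder minimum version, replace before use
}

# Uninstall keys for 64-bit, 32-bit (WOW6432Node) and per-user installs.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull([string]$text) {
    # DisplayVersion is free text; return $null when it is not a dotted number.
    try { return [version]$text } catch { return $null }
}

# Keep only entries that carry a display name (patches and stubs often do not).
$installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher

foreach ($name in $watch.Keys) {
    $hits = @($installed | Where-Object { $_.DisplayName -like "*$name*" })
    if ($hits.Count -eq 0) {
        Write-Output "$name : not installed"
        continue
    }
    if ($hits.Count -gt 1) {
        # Several entries usually mean an old version was left behind.
        Write-Output "$name : $($hits.Count) entries found, remove the old ones"
    }
    $minimum = ConvertTo-VersionOrNull $watch[$name]
    foreach ($hit in $hits) {
        $have = ConvertTo-VersionOrNull $hit.DisplayVersion
        if ($null -eq $have -or $null -eq $minimum) {
            $state = 'version not comparable, check by hand'
        } elseif ($have -lt $minimum) {
            $state = "below minimum $minimum"
        } else {
            $state = 'ok'
        }
        Write-Output ("{0} {1} : {2}" -f $hit.DisplayName, $hit.DisplayVersion, $state)
    }
}
```

The script only reads the registry and changes nothing; uninstalling is still done through the Control Panel as described in the post.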



