
WIN32 Evo Gen Poss Rootkit?


23 replies to this topic

#1 kerrypn

kerrypn

  • Members
  • 27 posts

Posted 04 February 2015 - 10:54 AM

Original post: http://www.bleepingcomputer.com/forums/t/565639/help-win32-evo-gen-and-multiplying/

and below:

Hi

I have attached a view of Avast. Last night Avast was clean on scan but MBAM picked up PUP Gorilla. I vaulted it to deal with today (too tired!). Got up today and turned on comp. Before I had even accessed the internet, Avast is flagging Win32 Evo Gen; I've attached a screenshot. I am a Win 7 user and use Secunia to keep up to date, although not scanned for a little bit.

Use Avast free, MBAM and Sandboxie. Can someone help before my comp goes kaput?

[Attached screenshot: avast_zpsjj9yfdmj.png]

ETA: MBAM scan now coming up clean, Avast in progress, don't know what else to do! Have also started seeing pop-ups for bet365.

Advised to run and post FRST logs. Thanks Boopme :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Parkinsons (administrator) on PARKINSONS-PC on 04-02-2015 15:52:02
Running from C:\Users\Parkinsons\Desktop
Loaded Profiles: Parkinsons (Available profiles: Parkinsons)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Acer Corp.) C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe
() C:\Program Files (x86)\Acer\Acer TouchPortal\THIDTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer) C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortal.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TouchORB] => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [153416 2010-05-06] (Acer Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [330840 2011-01-25] (Alcor Micro Corp.)
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12879464 2011-09-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [TouchPortalV3Launcher] => C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe [430696 2011-08-24] (Acer Incorporated)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-11] ()
HKLM-x32\...\Run: [TouchPortalV3Launcher] => C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe [430696 2011-08-24] (Acer Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-23] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-24] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-264748245-1948170674-918695094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-264748245-1948170674-918695094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Parkinsons\AppData\Roaming\Mozilla\Firefox\Profiles\mt3x5apu.default-1423054211188
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-25]

Chrome:
=======
CHR Profile: C:\Users\Parkinsons\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-29] (Avast Software)
S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-07-20] (CyberLink)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [192768 2011-07-11] (AVerMedia TECHNOLOGIES, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-29] (Avast Software)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:52 - 2015-02-04 15:52 - 00015690 _____ () C:\Users\Parkinsons\Desktop\FRST.txt
2015-02-04 15:51 - 2015-02-04 15:52 - 00000000 ____D () C:\FRST
2015-02-04 15:50 - 2015-02-04 15:51 - 02131456 _____ (Farbar) C:\Users\Parkinsons\Desktop\FRST64.exe
2015-02-04 12:50 - 2015-02-04 12:50 - 00000000 ____D () C:\Users\Parkinsons\Desktop\Old Firefox Data
2015-02-04 11:22 - 2015-02-04 11:23 - 00000197 _____ () C:\Windows\system32\2015-02-04-11-22-34.010-AvastVBoxSVC.exe-2588.log
2015-02-03 20:09 - 2015-02-03 20:09 - 00000197 _____ () C:\Windows\system32\2015-02-03-20-09-27.040-AvastVBoxSVC.exe-2652.log
2015-02-02 17:29 - 2015-02-02 17:29 - 00000197 _____ () C:\Windows\system32\2015-02-02-17-29-41.061-AvastVBoxSVC.exe-2640.log
2015-02-02 10:08 - 2015-02-02 10:08 - 00000197 _____ () C:\Windows\system32\2015-02-02-10-08-29.048-AvastVBoxSVC.exe-2604.log
2015-02-01 18:54 - 2015-02-01 18:55 - 00000197 _____ () C:\Windows\system32\2015-02-01-18-54-53.006-AvastVBoxSVC.exe-2752.log
2015-02-01 13:37 - 2015-02-01 13:38 - 00000197 _____ () C:\Windows\system32\2015-02-01-13-37-51.039-AvastVBoxSVC.exe-2840.log
2015-01-31 20:06 - 2015-01-31 20:06 - 00000197 _____ () C:\Windows\system32\2015-01-31-20-06-17.085-AvastVBoxSVC.exe-2612.log
2015-01-29 20:07 - 2015-01-29 20:08 - 00000197 _____ () C:\Windows\system32\2015-01-29-20-07-51.079-AvastVBoxSVC.exe-2708.log
2015-01-29 10:15 - 2015-01-29 10:15 - 00000197 _____ () C:\Windows\system32\2015-01-29-10-15-24.087-AvastVBoxSVC.exe-2100.log
2015-01-27 17:36 - 2015-01-27 17:36 - 00000197 _____ () C:\Windows\system32\2015-01-27-17-36-13.043-AvastVBoxSVC.exe-2648.log
2015-01-27 10:00 - 2015-01-27 10:00 - 00000197 _____ () C:\Windows\system32\2015-01-27-10-00-21.061-AvastVBoxSVC.exe-2932.log
2015-01-26 17:45 - 2015-01-26 17:45 - 00000197 _____ () C:\Windows\system32\2015-01-26-17-45-14.003-AvastVBoxSVC.exe-3080.log
2015-01-25 15:41 - 2015-01-25 15:41 - 00000197 _____ () C:\Windows\system32\2015-01-25-15-41-03.052-AvastVBoxSVC.exe-2608.log
2015-01-24 19:31 - 2015-01-24 19:32 - 00000197 _____ () C:\Windows\system32\2015-01-24-19-31-58.044-AvastVBoxSVC.exe-2700.log
2015-01-22 11:42 - 2015-01-22 11:42 - 00000197 _____ () C:\Windows\system32\2015-01-22-11-42-17.068-AvastVBoxSVC.exe-2792.log
2015-01-21 11:04 - 2015-01-21 11:04 - 00000197 _____ () C:\Windows\system32\2015-01-21-11-04-10.036-AvastVBoxSVC.exe-2672.log
2015-01-20 19:15 - 2015-01-20 19:16 - 00000197 _____ () C:\Windows\system32\2015-01-20-19-15-51.002-AvastVBoxSVC.exe-2744.log
2015-01-19 18:43 - 2015-01-19 18:43 - 00000197 _____ () C:\Windows\system32\2015-01-19-18-43-06.033-AvastVBoxSVC.exe-3020.log
2015-01-18 20:03 - 2015-01-18 20:04 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-03-56.054-AvastVBoxSVC.exe-2600.log
2015-01-17 19:23 - 2015-01-17 19:24 - 00000197 _____ () C:\Windows\system32\2015-01-17-19-23-42.039-AvastVBoxSVC.exe-2644.log
2015-01-16 17:49 - 2015-01-16 17:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-17-49-55.035-AvastVBoxSVC.exe-2692.log
2015-01-15 18:21 - 2015-01-15 18:21 - 00000197 _____ () C:\Windows\system32\2015-01-15-18-21-17.063-AvastVBoxSVC.exe-2660.log
2015-01-15 09:23 - 2015-02-04 11:21 - 00001288 _____ () C:\Windows\setupact.log
2015-01-15 09:23 - 2015-01-15 09:24 - 00000197 _____ () C:\Windows\system32\2015-01-15-09-23-56.032-AvastVBoxSVC.exe-2612.log
2015-01-15 09:23 - 2015-01-15 09:23 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 18:25 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 18:25 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 18:25 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 18:25 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 18:25 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 18:25 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 18:25 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 18:25 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 18:25 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 18:25 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 18:25 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 18:25 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 18:25 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 18:20 - 2015-01-14 18:20 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-20-22.022-AvastVBoxSVC.exe-4948.log
2015-01-14 10:54 - 2015-01-14 10:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-10-54-27.012-AvastVBoxSVC.exe-4920.log
2015-01-13 17:30 - 2015-01-13 17:31 - 00000197 _____ () C:\Windows\system32\2015-01-13-17-30-56.024-AvastVBoxSVC.exe-2668.log
2015-01-12 18:05 - 2015-01-12 18:05 - 00000197 _____ () C:\Windows\system32\2015-01-12-18-05-40.012-AvastVBoxSVC.exe-2804.log
2015-01-12 13:48 - 2015-01-12 13:49 - 00000197 _____ () C:\Windows\system32\2015-01-12-13-48-47.002-AvastVBoxSVC.exe-2572.log
2015-01-11 19:26 - 2015-01-11 19:27 - 00000197 _____ () C:\Windows\system32\2015-01-11-19-26-46.072-AvastVBoxSVC.exe-2992.log
2015-01-11 12:26 - 2015-01-11 12:27 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-26-55.026-AvastVBoxSVC.exe-2628.log
2015-01-10 18:23 - 2015-01-10 18:23 - 00000197 _____ () C:\Windows\system32\2015-01-10-18-23-05.024-AvastVBoxSVC.exe-2800.log
2015-01-09 18:14 - 2015-01-09 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-09-18-14-16.084-AvastVBoxSVC.exe-3452.log
2015-01-09 15:16 - 2015-01-09 15:16 - 00000197 _____ () C:\Windows\system32\2015-01-09-15-16-27.012-AvastVBoxSVC.exe-2948.log
2015-01-07 18:44 - 2015-01-07 18:44 - 00000197 _____ () C:\Windows\system32\2015-01-07-18-44-07.046-AvastVBoxSVC.exe-2972.log
2015-01-06 18:53 - 2015-01-06 18:53 - 00000197 _____ () C:\Windows\system32\2015-01-06-18-53-14.057-AvastVBoxSVC.exe-2788.log
2015-01-05 20:32 - 2015-01-05 20:32 - 00000197 _____ () C:\Windows\system32\2015-01-05-20-32-23.074-AvastVBoxSVC.exe-2152.log
2015-01-05 15:33 - 2015-01-05 15:33 - 00000197 _____ () C:\Windows\system32\2015-01-05-15-33-50.052-AvastVBoxSVC.exe-2972.log
2015-01-05 14:10 - 2015-01-05 14:11 - 00000197 _____ () C:\Windows\system32\2015-01-05-14-10-39.023-AvastVBoxSVC.exe-2644.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:14 - 2012-09-05 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 14:53 - 2014-05-20 16:10 - 00000348 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-02-04 14:27 - 2014-08-21 19:51 - 01225793 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 12:37 - 2014-08-08 15:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 11:29 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 11:29 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 11:23 - 2012-08-25 08:48 - 00000000 ____D () C:\Users\Parkinsons\AppData\Roaming\TouchGadget
2015-02-04 11:22 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 20:47 - 2012-08-25 17:54 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-03 20:41 - 2012-11-25 11:05 - 00000000 ____D () C:\Users\Parkinsons\Desktop\Security
2015-02-03 20:36 - 2014-08-08 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 20:36 - 2014-08-08 15:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 20:09 - 2012-08-25 08:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-29 10:23 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 18:14 - 2012-09-05 13:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 18:14 - 2012-09-05 13:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 18:14 - 2011-10-25 11:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 17:55 - 2014-10-16 14:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 17:54 - 2014-10-16 14:01 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-26 17:54 - 2014-10-16 14:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-26 17:54 - 2014-10-16 14:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-26 17:54 - 2014-10-16 14:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 17:54 - 2013-10-21 13:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-14 19:42 - 2013-08-14 20:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:40 - 2012-08-25 09:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 18:50 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-01-09 15:17 - 2014-08-22 11:54 - 00000000 ____D () C:\Users\Parkinsons\Desktop\PORTFOLIO
2015-01-06 04:36 - 2010-11-21 03:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-04-20 11:46 - 2013-04-20 11:46 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-08-25 16:18 - 2012-08-25 16:19 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-26 10:48 - 2012-08-26 10:48 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Parkinsons\AppData\Local\Temp\jre-8u31-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 13:32

==================== End Of Log ============================

Edited by kerrypn, 04 February 2015 - 11:07 AM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts

Posted 07 February 2015 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {62BC8DA7-335F-4DA4-8B3F-24EA03237661} - System32\Tasks\4809 => Wscript.exe C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C16BD846-8A6D-4A70-ADC2-DF43286666AD} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EDC01198-5CC0-48C6-A0EF-693D3FA2A907} - \ITECIR Filter Application for RCMM  No Task File <==== ATTENTION
C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
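The fixlist above is built from the log entries the helper singled out: orphaned "No File" entries, the IE policy restrictions, and three scheduled tasks, one of which runs a .vbs from the user's Temp folder through Wscript.exe. As an added example that is not part of this thread or of FRST, the Python script below parses FRST-style lines and applies the same kinds of checks so that such findings can be reproduced from a log; the sample lines are copied from the fixlist, and the detection rules are my own heuristics, not FRST's.

```python
"""Triage helper for FRST-style log lines (added example; not part of FRST or this thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST task line:  Task: {GUID} - <task path>[ => <command>] [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<rest>.*?)\s*(?P<flag><=+ ATTENTION)?\s*$"
)
# Script interpreters a scheduled task should rarely launch from a user-writable folder
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Task:
    guid: str
    path: str        # task path, or the whole remainder when the line has no "=>"
    command: str     # empty when the task has no "=>" part
    flagged: bool    # FRST's own "<==== ATTENTION" marker was present


def parse_task(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for any other kind of line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    path, sep, command = m.group("rest").partition(" => ")
    return Task(m.group("guid"), path.strip(), command.strip() if sep else "", bool(m.group("flag")))


def task_reasons(task: Task) -> List[str]:
    """Heuristics (mine, not FRST's) for why a scheduled task deserves a look."""
    reasons = []
    cmd_low = task.command.lower()
    exe_name = cmd_low.split()[0].rsplit("\\", 1)[-1] if cmd_low else ""
    if exe_name in SCRIPT_HOSTS and any(d in cmd_low for d in USER_WRITABLE):
        reasons.append("script host launched from a user-writable folder")
    if "no task file" in task.path.lower():
        reasons.append("orphaned task (no task file)")
    if task.path.rsplit("\\", 1)[-1].isdigit():
        reasons.append("task name is a bare number")
    return reasons


def line_reasons(line: str) -> List[str]:
    """Checks that apply to any FRST line, task or not."""
    s = line.strip()
    reasons = []
    if re.search(r"\bNo File\s*$", s):
        reasons.append("entry points to a missing file")
    if "Policy restriction" in s:
        reasons.append("browser policy restriction set")
    if s.endswith("=> [X]"):
        reasons.append("empty or broken autorun entry")
    if re.search(r"<=+ ATTENTION\s*$", s):
        reasons.append("flagged by FRST")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every non-empty line that tripped at least one check."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = line_reasons(line)
        task = parse_task(line)
        if task:
            reasons += task_reasons(task)
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: lines copied from the fixlist in this thread plus one benign service line.
LAUNCHIE_TASK = (r"Task: {62BC8DA7-335F-4DA4-8B3F-24EA03237661} - System32\Tasks\4809 => "
                 r"Wscript.exe C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION")
SAMPLE = r"""
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
""" + LAUNCHIE_TASK + r"""
Task: {C16BD846-8A6D-4A70-ADC2-DF43286666AD} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EDC01198-5CC0-48C6-A0EF-693D3FA2A907} - \ITECIR Filter Application for RCMM  No Task File <==== ATTENTION
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print(f"{'; '.join(reasons)}\n    {line}")
```

Run against a full FRST.txt or Addition.txt the script lists every line that trips a check; the benign Sandboxie service line in the sample is there to show that ordinary entries produce no finding.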

#3 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 07 February 2015 - 05:40 PM

Hi Nasdaq Thank you so much for your help!

 

I am confused about how we have got infected with anything - I never use the internet browser without it sandboxed (never download executables either - in fact I don't think we have intentionally downloaded anything!). If you have any advice to prevent a recurrence as well I would be very grateful :)

 

When I turned on the computer BEFORE running the fix as you advised, avast was blocking something or other. I haven't done anything else, as I wanted to just follow your advice. After the reset it did not block anything when I accessed the internet to post the fixlog. Fixlog below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Parkinsons at 2015-02-07 22:50:14 Run:1
Running from C:\Users\Parkinsons\Desktop
Loaded Profiles: Parkinsons (Available profiles: Parkinsons)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-264748245-1948170674-918695094-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {62BC8DA7-335F-4DA4-8B3F-24EA03237661} - System32\Tasks\4809 => Wscript.exe C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C16BD846-8A6D-4A70-ADC2-DF43286666AD} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {EDC01198-5CC0-48C6-A0EF-693D3FA2A907} - \ITECIR Filter Application for RCMM  No Task File <==== ATTENTION
C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-264748245-1948170674-918695094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62BC8DA7-335F-4DA4-8B3F-24EA03237661}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62BC8DA7-335F-4DA4-8B3F-24EA03237661}" => Key deleted successfully.
C:\Windows\System32\Tasks\4809 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4809" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C16BD846-8A6D-4A70-ADC2-DF43286666AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C16BD846-8A6D-4A70-ADC2-DF43286666AD}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDC01198-5CC0-48C6-A0EF-693D3FA2A907}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC01198-5CC0-48C6-A0EF-693D3FA2A907}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ITECIR Filter Application for RCMM " => Key deleted successfully.
"C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 22:50:17 ====

 

Thanks again I really appreciate the help x

 

ETA: also, being of the paranoid persuasion, I'm worried about my laptop. Although there are no symptoms of infection, there are some processes in Task Manager I am unsure of. I have taken a screenshot; if you have time, would you mind reassuring me these are legit/safe please? (Awfully sorry to introduce another machine into the problem.)


Edited by kerrypn, 08 February 2015 - 06:28 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 February 2015 - 08:25 AM


ETA: also, being of the paranoid persuasion, I'm worried about my laptop. Although there are no symptoms of infection, there are some processes in Task Manager I am unsure of.


You can check them here.

http://www.systemlookup.com/

If you are checking a filename, use the "Filename" section; if you are looking for a process, use the "Name" section.

If you have any questions, please ask before doing anything.

===

I think the problem came from these 2 entries:
Task: {62BC8DA7-335F-4DA4-8B3F-24EA03237661} - System32\Tasks\4809 => Wscript.exe C:\Users\PARKIN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C16BD846-8A6D-4A70-ADC2-DF43286666AD} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

How they got installed is unknown to me.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
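As an added example (it is not from this thread and not part of FRST), here is a small Python triage script that parses FRST "Task:" lines like the two quoted above and flags the traits a responder looks at: FRST's own ATTENTION marker, a script host such as Wscript.exe as the launcher, a target under a user-writable path such as AppData\Local\Temp, a numeric-only task name, and a registry entry with no task file. The heuristics, the placeholder GUID and the benign defrag task in the sample log are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Matches one FRST "Task:" line, e.g.
#   Task: {GUID} - System32\Tasks\4809 => Wscript.exe C:\...\launchie.vbs //B <==== ATTENTION
#   Task: {GUID} - \Some Name  No Task File <==== ATTENTION      (no "=>" command part)
TASK_LINE = re.compile(
    r"^Task:\s*\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<task>.*?)\s*"
    r"(?:=>\s*(?P<command>.*?))?\s*(?P<attention><====\s*ATTENTION)?\s*$"
)

# Triage heuristics (assumptions of this example, not FRST's own rules).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe")
USER_WRITABLE = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\temp\\",
    "\\users\\public\\", "\\programdata\\",
)


@dataclass
class TaskEntry:
    guid: str
    task: str
    command: str
    attention: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST log line; return None for lines that are not Task entries."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    return TaskEntry(
        guid=m.group("guid").upper(),
        task=m.group("task"),
        command=(m.group("command") or "").strip(),
        attention=m.group("attention") is not None,
    )


def triage(entry: TaskEntry) -> TaskEntry:
    """Attach a human-readable reason for every heuristic the entry trips."""
    cmd = entry.command.lower()
    first_token = cmd.split(" ", 1)[0] if cmd else ""
    exe = first_token.rsplit("\\", 1)[-1]
    task_name = entry.task.rsplit("\\", 1)[-1]

    if entry.attention:
        entry.reasons.append("flagged ATTENTION by FRST")
    if "no task file" in entry.task.lower():
        entry.reasons.append("registry entry without a task file (orphaned or hidden task)")
    if exe in SCRIPT_HOSTS:
        entry.reasons.append(f"launched through script host {exe}")
    if any(p in cmd for p in USER_WRITABLE):
        entry.reasons.append("target lives in a user-writable location")
    if task_name.isdigit():
        entry.reasons.append(f"non-descriptive numeric task name '{task_name}'")
    if exe and "\\" not in first_token:
        entry.reasons.append(f"unqualified executable name '{exe}' resolved via PATH at run time")
    return entry


def analyze_frst(text: str) -> List[TaskEntry]:
    """Return every Task entry in an FRST log, each with its triage reasons."""
    entries = []
    for line in text.splitlines():
        entry = parse_task_line(line)
        if entry is not None:
            entries.append(triage(entry))
    return entries


# Constructed sample: the three Task lines from the log above, one benign task
# with a placeholder GUID, and one non-Task line that the parser must skip.
SAMPLE_LOG = """\
Task: {62BC8DA7-335F-4DA4-8B3F-24EA03237661} - System32\\Tasks\\4809 => Wscript.exe C:\\Users\\PARKIN~1\\AppData\\Local\\Temp\\launchie.vbs //B <==== ATTENTION
Task: {C16BD846-8A6D-4A70-ADC2-DF43286666AD} - System32\\Tasks\\0 => Iexplore.exe  <==== ATTENTION
Task: {EDC01198-5CC0-48C6-A0EF-693D3FA2A907} - \\ITECIR Filter Application for RCMM  No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag => C:\\Windows\\system32\\defrag.exe -c
S3 catchme; \\??\\C:\\ComboFix\\catchme.sys [X]
"""

if __name__ == "__main__":
    for e in analyze_frst(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{e.guid} {e.task!r} -> {e.command!r}: {verdict}")
        for r in e.reasons:
            print(f"    - {r}")
```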

#5 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 08 February 2015 - 09:18 AM

Thank you so much for your help Nasdaq! I was confused by the processes, as some are legit but are also known to be malicious as well! I will check the site you suggested later. Thank you!!

 

The computer is still painfully slow on bootup; I haven't noticed any weird behaviour or any flags from avast since you asked me to reboot after the FRST fix. It's slow after boot too, and it's making that funny noise (when something is going on in the background).

 

I've run Security Check as asked and the text file contents are below:

 

 Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Secunia PSI (3.0.0.4001)  
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.296 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox 31.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Thanks again for all your help so far - I do normally update Adobe and literally updated FF two days ago, so I'm a bit perplexed! lol
 


Edited by kerrypn, 08 February 2015 - 09:26 AM.


#6 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 08 February 2015 - 10:09 AM

 

ETA: also, being of the paranoid persuasion, I'm worried about my laptop. Although there are no symptoms of infection, there are some processes in Task Manager I am unsure of.

You can check them here.

http://www.systemlookup.com/

If you are checking a filename, use the "Filename" section; if you are looking for a process, use the "Name" section.

If you have any questions, please ask before doing anything.

 

winlogon.exe, explorer.exe, csrss.exe, dllhost.exe :( all on the laptop - also it's showing unknown users in the properties. I have posted another topic, Nasdaq, as I feel cheeky asking for double help from you: http://www.bleepingcomputer.com/forums/t/566176/nightmare-iexploreexe-winlogonexe-and-more/ but if you are kind enough to be able to help me twice, please do close that topic. I'm so sorry, I have no idea how I've made such a mess of my computers :( x

 


Edited by kerrypn, 08 February 2015 - 01:31 PM.


#7 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 08 February 2015 - 01:25 PM

I am already being helped very kindly by Nasdaq for a desktop infection here: http://www.bleepingcomputer.com/forums/t/565664/win32-evo-gen-poss-rootkit/

 

I have posted separately as this relates to my laptop; Avast and MBAM are all coming up clean. Win 7 user. I have all personal files backed up. I do not have a Macrium Reflect backup for this machine but would take it back to factory if needed.

 

The processes in Task Manager seem suspicious, and when I looked them up on SystemLookup they are listed as malicious. Apologies for posting a separate topic - if Nasdaq is kind enough to help with both, please do close this topic.

 

ETA: I also tried to do an ESET online scan; despite following the instructions to enable scripts and add it to trusted sites, it would not scan. I tried this as I thought it might pick up something Avast was missing.

 

My main concern is that some of these processes have unknown users in their properties. I have downloaded and run FRST as per the prep guide. Please can someone help me? I feel like giving up on the internet altogether :/ I'm really sorry, I have no idea how I have managed to mess up all my machines so badly; very, very grateful for all help x

 

FRST Logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Adrian's (administrator) on ADRIANS-HP on 08-02-2015 18:20:31
Running from C:\Users\Adrian's\Desktop
Loaded Profiles: Adrian's (Available profiles: Adrian's)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-181939089-1530113625-3972236184-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-181939089-1530113625-3972236184-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-181939089-1530113625-3972236184-1001\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-181939089-1530113625-3972236184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-181939089-1530113625-3972236184-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-181939089-1530113625-3972236184-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-181939089-1530113625-3972236184-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-181939089-1530113625-3972236184-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-181939089-1530113625-3972236184-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Adrian's\AppData\Roaming\Mozilla\Firefox\Profiles\qbq64exi.default
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-15]

Chrome:
=======
CHR Profile: C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-17]
CHR Extension: (Google Drive) - C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-17]
CHR Extension: (YouTube) - C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-17]
CHR Extension: (Google Search) - C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-17]
CHR Extension: (Gmail) - C:\Users\Adrian's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-15] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 18:20 - 2015-02-08 18:20 - 00019625 _____ () C:\Users\Adrian's\Desktop\FRST.txt
2015-02-08 18:19 - 2015-02-08 18:20 - 00000000 ____D () C:\FRST
2015-02-08 18:19 - 2015-02-08 18:19 - 02132992 _____ (Farbar) C:\Users\Adrian's\Desktop\FRST64.exe
2015-02-07 18:03 - 2015-02-07 18:03 - 00000505 _____ () C:\Users\Adrian's\Desktop\info.txt
2015-02-07 16:35 - 2015-02-07 16:35 - 00455680 _____ () C:\Users\Adrian's\Desktop\history_of_space_travel.ppt
2015-02-07 16:21 - 2015-02-07 17:29 - 00000000 ____D () C:\Users\Adrian's\Desktop\lessons
2015-02-07 08:41 - 2015-02-07 08:41 - 00032015 _____ () C:\Users\Adrian's\Desktop\BNurs_Annual Avg_Classification_Spreadsheet_final 2.xlsx
2015-02-03 11:01 - 2015-02-03 11:02 - 00793002 _____ () C:\Users\Adrian's\Desktop\space.odp
2015-01-29 13:16 - 2015-01-29 13:16 - 00000728 _____ () C:\Users\Adrian's\Desktop\passemails.txt
2015-01-29 11:20 - 2015-01-29 11:22 - 00000000 ____D () C:\Users\Adrian's\Desktop\leadership and Management
2015-01-14 09:48 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:48 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:48 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:48 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:48 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:48 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:48 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:48 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:48 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:48 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:48 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:48 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:48 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 18:16 - 2013-01-16 11:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 17:18 - 2012-03-24 08:53 - 01981008 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 16:09 - 2014-08-09 08:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 07:54 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 07:54 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 07:47 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 18:46 - 2012-09-15 11:57 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{84B73DDB-A73D-4C05-89B8-F8628D70508B}
2015-02-05 18:16 - 2013-01-16 11:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:16 - 2013-01-16 11:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 18:16 - 2011-10-15 06:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 02:16 - 2013-09-22 18:18 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAdrian's
2015-02-05 02:16 - 2013-09-22 18:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForAdrian's.job
2015-02-04 21:03 - 2014-10-21 17:10 - 00000000 ____D () C:\Users\Adrian's\Desktop\kerry 3rd yr
2015-02-04 21:03 - 2013-11-21 18:38 - 00000000 ____D () C:\Users\Adrian's\Desktop\kerry
2015-02-04 13:47 - 2014-08-09 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 13:47 - 2014-08-09 08:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 10:28 - 2013-05-17 11:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-02 14:49 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 19:06 - 2012-12-09 19:29 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 19:06 - 2012-11-25 20:13 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-29 11:20 - 2013-05-24 12:45 - 00000000 ___RD () C:\Users\Adrian's\Desktop\Kerry all
2015-01-27 22:10 - 2014-10-17 14:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 22:10 - 2013-10-17 08:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 22:07 - 2014-10-17 14:54 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 22:07 - 2014-10-17 14:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 22:07 - 2014-10-17 14:54 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 22:07 - 2014-10-17 14:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 19:42 - 2012-10-28 15:47 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForADRIANS-HP$
2015-01-21 19:42 - 2012-10-28 15:47 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForADRIANS-HP$.job
2015-01-14 19:41 - 2013-07-27 20:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 19:36 - 2012-09-15 13:14 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-02-14 10:46 - 2014-02-14 10:56 - 0000077 _____ () C:\Users\Adrian's\AppData\Roaming\Rim.Desktop.Exception.log
2014-02-14 10:45 - 2014-02-14 10:58 - 0002021 _____ () C:\Users\Adrian's\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-02-14 10:46 - 2014-02-14 10:56 - 0000077 _____ () C:\Users\Adrian's\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-11-09 17:12 - 2012-11-10 09:27 - 0004608 _____ () C:\Users\Adrian's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-23 13:46 - 2013-03-23 13:46 - 0007605 _____ () C:\Users\Adrian's\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 11:41

==================== End Of Log ============================

ETA: I have installed CryptoPrevent from BleepingComputer and am attempting to install HitmanPro with CryptoGuard atm. I'm sorry if this means I need new logs, but I wanted some extra protection; hope that's ok x


Edited by kerrypn, 09 February 2015 - 04:44 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2015 - 08:44 AM

I have merged your new topic with the one we are working on.

literally updated FF two days ago so a bit perplexed! lol

The security check tool must be updated to reflect this latest version. No problems.
===

winlogon.exe
C:\Windows\System32\winlogon.exe => File is digitally signed
This file is an operating system file and is good. It's not being used as a process.

explorer.exe
C:\Windows\explorer.exe => File is digitally signed
This file is the heart of the operating system.

csrss.exe
C:\Windows\System32\rpcss.dll => File is digitally signed
This file is an operating system file and is good. It's not being used as a process.

dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
This is the only file shown in your log and is good.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======
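The signed/unsigned reading of the FRST log that the helper does by eye above can be automated. The script below is an added example, not code from this thread or from the FRST author: it parses service/driver lines and "Bamital & volsnap Check" lines in the FRST format pasted earlier and flags entries that are unsigned, carry no company name, or sit outside the usual install locations. The start-type reading of the state field and the expected-location heuristic are assumptions of this example; the last sample line is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One FRST service/driver line, in the format of the log pasted above, e.g.
#   R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
# Assumed reading of the state field: R = running, S = stopped; the digit is
# the start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<vendor>[^)]*)\)(?P<flags>.*)$"
)

# One line of the "Bamital & volsnap Check" section, e.g.
#   C:\Windows\System32\winlogon.exe => File is digitally signed
CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+=>\s+(?P<verdict>.+)$")
SIGNED_OK = "File is digitally signed"

# Assumption: a legitimately installed service or driver binary normally lives here.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    state: str
    name: str
    path: str
    size: int
    date: str
    vendor: str
    unsigned: bool
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers, notes and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    vendor = m.group("vendor").strip()
    e = Entry(m.group("state"), m.group("name").strip(), m.group("path"),
              int(m.group("size")), m.group("date"), vendor,
              "[File not signed]" in m.group("flags"))
    # The same checks a helper applies when reading the list by eye.
    if e.unsigned:
        e.reasons.append("file is not digitally signed")
    if not vendor:
        e.reasons.append("no company name in version info")
    if not e.path.lower().startswith(EXPECTED_ROOTS):
        e.reasons.append("binary outside Windows/Program Files")
    # An already-suspicious entry that loads before the desktop gets priority.
    if e.reasons and e.state[0] == "R" and e.state[1] in "01":
        e.reasons.append("loads at boot/system start")
    return e


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each entry or core file worth a second look to the reasons for it."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            if e.reasons:
                findings[e.name] = e.reasons
            continue
        c = CHECK_RE.match(line.strip())
        # Any verdict other than the pass string on a core file is worth a look.
        if c and c.group("verdict") != SIGNED_OK:
            findings[c.group("path")] = ["core file check: " + c.group("verdict")]
    return findings


# Sample input: four entry lines and two check lines copied from the log in this
# thread, plus one constructed entry ("constructed_example") that fails every
# heuristic. The constructed line is not from the thread's log.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R1 constructed_example; C:\Users\Public\constructed_example.sys [24576 2015-02-03] () [File not signed]
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag here is a prompt for a closer look (vendor lookup, hash check, on-disk signature verification), not a verdict; aswHwid above is an Avast driver that simply lacks a company name in its version info.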

#9 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 09 February 2015 - 09:24 AM

Nasdaq, Thank you for being so lovely! Can I just check the laptop seems clear then? I have done as you asked above-thanks.

I ran AdW then accidentally closed it instead of deleting what it found, I'm sorry. I ran it again. I have the log from the first scan too, but the one below is for the second scan when I deleted stuff. It required a reboot. I will post the RogueKiller report below this. None of the boxes were checked for deletion and I didn't know if you wanted me to check them or not, so I didn't and pressed delete (it deleted nothing) and generated the report. Sorry if this was not right. Once RK finished it launched IE to tell me it had found an IAT hook; I have screenshotted this if you need it. Thank you once again for all your help and patience

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 14:07:56
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Parkinsons - PARKINSONS-PC
# Running from : C:\Users\Parkinsons\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1059 bytes] - [09/02/2015 14:02:45]
AdwCleaner[R1].txt - [1119 bytes] - [09/02/2015 14:06:46]
AdwCleaner[S0].txt - [1051 bytes] - [09/02/2015 14:07:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1110  bytes] ##########

ROGUE KILLER

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Parkinsons [Administrator]
Mode : Delete -- Date : 02/09/2015  14:18:07

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-264748245-1948170674-918695094-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-264748245-1948170674-918695094-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x1d075c (jmp 0xffffffff8897cc4b)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x1d03a4 (jmp 0xffffffff889788e3)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EARX-22N0YB0 +++++
--- User ---
[MBR] 2cc88729553647aa20d14d998cfc6d5c
[BSP] 7c6e9978e200d8ef434d244af8098748 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 468179 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 994689024 | Size: 468180 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_02092015_141649.log

Please advise if I should have deleted the stuff from RK, I just wasn't sure



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2015 - 09:51 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

Please let me know of any issues with this computer.

#11 kerrypn

kerrypn
  • Topic Starter

  • Members
  • 27 posts

Posted 09 February 2015 - 10:09 AM

Thanks again for all your help Nasdaq! TDSS came up clean. Other than a very slow start up and the noise suggesting a background process running, nothing unusual noticed atm. Every time I close the computer down it does force something to close; I assumed that was virus related but I don't know what it was/is. Logs below as requested :)

14:56:35.0535 0x0508  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:56:48.0062 0x0508  ============================================================
14:56:48.0062 0x0508  Current date / time: 2015/02/09 14:56:48.0062
14:56:48.0062 0x0508  SystemInfo:
14:56:48.0062 0x0508 
14:56:48.0062 0x0508  OS Version: 6.1.7601 ServicePack: 1.0
14:56:48.0062 0x0508  Product type: Workstation
14:56:48.0062 0x0508  ComputerName: PARKINSONS-PC
14:56:48.0062 0x0508  UserName: Parkinsons
14:56:48.0062 0x0508  Windows directory: C:\Windows
14:56:48.0062 0x0508  System windows directory: C:\Windows
14:56:48.0062 0x0508  Running under WOW64
14:56:48.0062 0x0508  Processor architecture: Intel x64
14:56:48.0062 0x0508  Number of processors: 4
14:56:48.0062 0x0508  Page size: 0x1000
14:56:48.0062 0x0508  Boot type: Normal boot
14:56:48.0062 0x0508  ============================================================
14:56:48.0296 0x0508  KLMD registered as C:\Windows\system32\drivers\76394724.sys
14:56:48.0733 0x0508  System UUID: {31C97384-844E-7A73-C8D9-D3603B8338F0}
14:56:49.0185 0x0508  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:56:49.0185 0x0508  ============================================================
14:56:49.0185 0x0508  \Device\Harddisk0\DR0:
14:56:49.0185 0x0508  MBR partitions:
14:56:49.0185 0x0508  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
14:56:49.0185 0x0508  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x39269800
14:56:49.0185 0x0508  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B49C000, BlocksNum 0x3926A000
14:56:49.0185 0x0508  ============================================================
14:56:49.0201 0x0508  C: <-> \Device\Harddisk0\DR0\Partition2
14:56:49.0248 0x0508  D: <-> \Device\Harddisk0\DR0\Partition3
14:56:49.0248 0x0508  ============================================================
14:56:49.0248 0x0508  Initialize success
14:56:49.0248 0x0508  ============================================================
14:56:53.0038 0x1324  ============================================================
14:56:53.0038 0x1324  Scan started
14:56:53.0038 0x1324  Mode: Manual;
14:56:53.0038 0x1324  ============================================================
14:56:53.0038 0x1324  KSN ping started
14:56:55.0534 0x1324  KSN ping finished: true
14:56:55.0987 0x1324  ================ Scan system memory ========================
14:56:55.0987 0x1324  System memory - ok
14:56:55.0987 0x1324  ================ Scan services =============================
14:56:56.0127 0x1324  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:56:56.0127 0x1324  1394ohci - ok
14:56:56.0174 0x1324  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:56:56.0190 0x1324  ACPI - ok
14:56:56.0205 0x1324  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:56:56.0205 0x1324  AcpiPmi - ok
14:56:56.0268 0x1324  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:56:56.0283 0x1324  AdobeARMservice - ok
14:56:56.0361 0x1324  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:56:56.0361 0x1324  AdobeFlashPlayerUpdateSvc - ok
14:56:56.0392 0x1324  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:56:56.0408 0x1324  adp94xx - ok
14:56:56.0424 0x1324  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:56:56.0424 0x1324  adpahci - ok
14:56:56.0439 0x1324  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:56:56.0455 0x1324  adpu320 - ok
14:56:56.0486 0x1324  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:56:56.0486 0x1324  AeLookupSvc - ok
14:56:56.0533 0x1324  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
14:56:56.0533 0x1324  AFD - ok
14:56:56.0548 0x1324  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:56:56.0548 0x1324  agp440 - ok
14:56:56.0564 0x1324  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:56:56.0580 0x1324  ALG - ok
14:56:56.0595 0x1324  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:56:56.0595 0x1324  aliide - ok
14:56:56.0611 0x1324  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:56:56.0611 0x1324  amdide - ok
14:56:56.0626 0x1324  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:56:56.0642 0x1324  AmdK8 - ok
14:56:56.0642 0x1324  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:56:56.0658 0x1324  AmdPPM - ok
14:56:56.0673 0x1324  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:56:56.0673 0x1324  amdsata - ok
14:56:56.0689 0x1324  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:56:56.0704 0x1324  amdsbs - ok
14:56:56.0704 0x1324  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:56:56.0720 0x1324  amdxata - ok
14:56:56.0720 0x1324  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:56:56.0736 0x1324  AppID - ok
14:56:56.0736 0x1324  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:56:56.0751 0x1324  AppIDSvc - ok
14:56:56.0782 0x1324  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:56:56.0782 0x1324  Appinfo - ok
14:56:56.0814 0x1324  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:56:56.0814 0x1324  arc - ok
14:56:56.0829 0x1324  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:56:56.0829 0x1324  arcsas - ok
14:56:56.0892 0x1324  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:56:56.0892 0x1324  aspnet_state - ok
14:56:56.0970 0x1324  [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
14:56:56.0970 0x1324  aswHwid - ok
14:56:57.0016 0x1324  [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:56:57.0016 0x1324  aswMonFlt - ok
14:56:57.0032 0x1324  [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
14:56:57.0032 0x1324  aswRdr - ok
14:56:57.0094 0x1324  [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
14:56:57.0094 0x1324  aswRvrt - ok
14:56:57.0157 0x1324  [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:56:57.0172 0x1324  aswSnx - ok
14:56:57.0219 0x1324  [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:56:57.0235 0x1324  aswSP - ok
14:56:57.0282 0x1324  [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
14:56:57.0282 0x1324  aswStm - ok
14:56:57.0313 0x1324  [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
14:56:57.0328 0x1324  aswVmm - ok
14:56:57.0328 0x1324  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:56:57.0328 0x1324  AsyncMac - ok
14:56:57.0360 0x1324  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:56:57.0375 0x1324  atapi - ok
14:56:57.0438 0x1324  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:56:57.0469 0x1324  AudioEndpointBuilder - ok
14:56:57.0484 0x1324  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:56:57.0500 0x1324  AudioSrv - ok
14:56:57.0578 0x1324  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:56:57.0578 0x1324  avast! Antivirus - ok
14:56:57.0750 0x1324  [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
14:56:57.0906 0x1324  AvastVBoxSvc - ok
14:56:57.0937 0x1324  [ F607704C811C9BE5B15F2A2E2C69F47C, 2AD8B8D635E0FCB813E5213ED0F6C0A834EB524D637B658D8FE2BECE522D55DE ] AVerIT13x       C:\Windows\system32\Drivers\AVerIT13x_x64.sys
14:56:57.0937 0x1324  AVerIT13x - ok
14:56:57.0968 0x1324  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:56:57.0968 0x1324  AxInstSV - ok
14:56:57.0984 0x1324  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:56:57.0999 0x1324  b06bdrv - ok
14:56:58.0015 0x1324  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:56:58.0015 0x1324  b57nd60a - ok
14:56:58.0046 0x1324  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:56:58.0046 0x1324  BDESVC - ok
14:56:58.0046 0x1324  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:56:58.0062 0x1324  Beep - ok
14:56:58.0108 0x1324  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:56:58.0124 0x1324  BFE - ok
14:56:58.0155 0x1324  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
14:56:58.0186 0x1324  BITS - ok
14:56:58.0186 0x1324  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:56:58.0186 0x1324  blbdrive - ok
14:56:58.0202 0x1324  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:56:58.0202 0x1324  bowser - ok
14:56:58.0218 0x1324  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:56:58.0218 0x1324  BrFiltLo - ok
14:56:58.0233 0x1324  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:56:58.0233 0x1324  BrFiltUp - ok
14:56:58.0233 0x1324  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:56:58.0249 0x1324  BridgeMP - ok
14:56:58.0264 0x1324  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:56:58.0264 0x1324  Browser - ok
14:56:58.0280 0x1324  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:56:58.0296 0x1324  Brserid - ok
14:56:58.0296 0x1324  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:56:58.0296 0x1324  BrSerWdm - ok
14:56:58.0311 0x1324  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:56:58.0311 0x1324  BrUsbMdm - ok
14:56:58.0327 0x1324  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:56:58.0327 0x1324  BrUsbSer - ok
14:56:58.0342 0x1324  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:56:58.0342 0x1324  BTHMODEM - ok
14:56:58.0342 0x1324  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:56:58.0342 0x1324  bthserv - ok
14:56:58.0342 0x1324  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:56:58.0358 0x1324  cdfs - ok
14:56:58.0374 0x1324  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:56:58.0374 0x1324  cdrom - ok
14:56:58.0389 0x1324  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:56:58.0389 0x1324  CertPropSvc - ok
14:56:58.0389 0x1324  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:56:58.0389 0x1324  circlass - ok
14:56:58.0405 0x1324  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:56:58.0420 0x1324  CLFS - ok
14:56:58.0498 0x1324  [ 4DB5EFC5E755BBB2C5879C4F7BC393AF, E832FACA8A61A29EACDF9BAADC15CC0A14C148E3359944515F9B72B17F83AB4C ] CLKMSVC10_34E30CCC C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe
14:56:58.0514 0x1324  CLKMSVC10_34E30CCC - ok
14:56:58.0561 0x1324  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:56:58.0561 0x1324  clr_optimization_v2.0.50727_32 - ok
14:56:58.0576 0x1324  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:56:58.0592 0x1324  clr_optimization_v2.0.50727_64 - ok
14:56:58.0639 0x1324  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:56:58.0654 0x1324  clr_optimization_v4.0.30319_32 - ok
14:56:58.0654 0x1324  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:56:58.0670 0x1324  clr_optimization_v4.0.30319_64 - ok
14:56:58.0686 0x1324  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
14:56:58.0701 0x1324  clwvd - ok
14:56:58.0701 0x1324  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:56:58.0701 0x1324  CmBatt - ok
14:56:58.0732 0x1324  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:56:58.0732 0x1324  cmdide - ok
14:56:58.0779 0x1324  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:56:58.0795 0x1324  CNG - ok
14:56:58.0826 0x1324  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:56:58.0826 0x1324  Compbatt - ok
14:56:58.0842 0x1324  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:56:58.0842 0x1324  CompositeBus - ok
14:56:58.0842 0x1324  COMSysApp - ok
14:56:58.0857 0x1324  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:56:58.0857 0x1324  crcdisk - ok
14:56:58.0888 0x1324  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:56:58.0904 0x1324  CryptSvc - ok
14:56:58.0920 0x1324  [ 44BDDEB03C84A1C993C992FFB5700357, 29080E9A434BB2A932783B0B5104BC9E3C514A0FFB387123B75F4F4045E353BC ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
14:56:58.0920 0x1324  CVirtA - ok
14:56:59.0029 0x1324  [ 98C413E1A2FB6E5A4C101C25B3D0B275, 86C02211285F1807A6B276F07C56DE1A54BD5947E513884D8D971A22F4362849 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
14:56:59.0060 0x1324  CVPND - ok
14:56:59.0091 0x1324  [ 79AF0E203D089AF442A3F70ED00A37FB, BF28BF9AEE23A3052D5ADA6C1B4C255C5F09DED69BB88D2CA3C011D2C3CFA8C1 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
14:56:59.0091 0x1324  CVPNDRVA - ok
14:56:59.0122 0x1324  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:56:59.0138 0x1324  DcomLaunch - ok
14:56:59.0169 0x1324  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:56:59.0169 0x1324  defragsvc - ok
14:56:59.0200 0x1324  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:56:59.0200 0x1324  DfsC - ok
14:56:59.0216 0x1324  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:56:59.0232 0x1324  Dhcp - ok
14:56:59.0232 0x1324  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:56:59.0232 0x1324  discache - ok
14:56:59.0247 0x1324  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:56:59.0247 0x1324  Disk - ok
14:56:59.0263 0x1324  [ 05CB5910B3CA6019FC3CCA815EE06FFB, 8FA532ED500BB1F08E8034A6125BDD53B74D5E6AB0A83A6185B07AAFCD90AA82 ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
14:56:59.0263 0x1324  DNE - ok
14:56:59.0294 0x1324  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:56:59.0294 0x1324  Dnscache - ok
14:56:59.0310 0x1324  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:56:59.0310 0x1324  dot3svc - ok
14:56:59.0341 0x1324  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:56:59.0341 0x1324  DPS - ok
14:56:59.0388 0x1324  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:56:59.0388 0x1324  drmkaud - ok
14:56:59.0450 0x1324  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:56:59.0466 0x1324  DXGKrnl - ok
14:56:59.0481 0x1324  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:56:59.0497 0x1324  EapHost - ok
14:56:59.0575 0x1324  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:56:59.0684 0x1324  ebdrv - ok
14:56:59.0715 0x1324  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
14:56:59.0715 0x1324  EFS - ok
14:56:59.0778 0x1324  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:56:59.0809 0x1324  ehRecvr - ok
14:56:59.0824 0x1324  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:56:59.0824 0x1324  ehSched - ok
14:56:59.0856 0x1324  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:56:59.0871 0x1324  elxstor - ok
14:56:59.0887 0x1324  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:56:59.0887 0x1324  ErrDev - ok
14:56:59.0918 0x1324  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:56:59.0918 0x1324  EventSystem - ok
14:56:59.0949 0x1324  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:56:59.0949 0x1324  exfat - ok
14:56:59.0965 0x1324  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:56:59.0965 0x1324  fastfat - ok
14:56:59.0996 0x1324  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:57:00.0012 0x1324  Fax - ok
14:57:00.0012 0x1324  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:57:00.0012 0x1324  fdc - ok
14:57:00.0027 0x1324  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:57:00.0027 0x1324  fdPHost - ok
14:57:00.0043 0x1324  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:57:00.0043 0x1324  FDResPub - ok
14:57:00.0058 0x1324  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:57:00.0058 0x1324  FileInfo - ok
14:57:00.0074 0x1324  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:57:00.0074 0x1324  Filetrace - ok
14:57:00.0090 0x1324  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:57:00.0090 0x1324  flpydisk - ok
14:57:00.0105 0x1324  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:57:00.0121 0x1324  FltMgr - ok
14:57:00.0168 0x1324  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:57:00.0183 0x1324  FontCache - ok
14:57:00.0214 0x1324  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:57:00.0214 0x1324  FontCache3.0.0.0 - ok
14:57:00.0246 0x1324  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:57:00.0246 0x1324  FsDepends - ok
14:57:00.0277 0x1324  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:57:00.0277 0x1324  Fs_Rec - ok
14:57:00.0308 0x1324  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:57:00.0308 0x1324  fvevol - ok
14:57:00.0324 0x1324  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:57:00.0324 0x1324  gagp30kx - ok
14:57:00.0355 0x1324  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:57:00.0370 0x1324  gpsvc - ok
14:57:00.0386 0x1324  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:57:00.0386 0x1324  hcw85cir - ok
14:57:00.0417 0x1324  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:57:00.0433 0x1324  HdAudAddService - ok
14:57:00.0464 0x1324  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:57:00.0464 0x1324  HDAudBus - ok
14:57:00.0480 0x1324  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:57:00.0480 0x1324  HidBatt - ok
14:57:00.0495 0x1324  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:57:00.0495 0x1324  HidBth - ok
14:57:00.0511 0x1324  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:57:00.0511 0x1324  HidIr - ok
14:57:00.0526 0x1324  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
14:57:00.0542 0x1324  hidserv - ok
14:57:00.0558 0x1324  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:57:00.0573 0x1324  HidUsb - ok
14:57:00.0573 0x1324  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:57:00.0573 0x1324  hkmsvc - ok
14:57:00.0604 0x1324  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:57:00.0604 0x1324  HomeGroupListener - ok
14:57:00.0636 0x1324  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:57:00.0636 0x1324  HomeGroupProvider - ok
14:57:00.0651 0x1324  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:57:00.0667 0x1324  HpSAMD - ok
14:57:00.0698 0x1324  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:57:00.0729 0x1324  HTTP - ok
14:57:00.0745 0x1324  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:57:00.0745 0x1324  hwpolicy - ok
14:57:00.0760 0x1324  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:57:00.0760 0x1324  i8042prt - ok
14:57:00.0776 0x1324  [ F7CE9BE72EDAC499B713ECA6DAE5D26F, AF158C8ADF0815C406435AB051C8D8DD0ECBDBA8644CB75D7611980D70662193 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:57:00.0792 0x1324  iaStor - ok
14:57:00.0854 0x1324  [ B25F192EA1F84A316EB7C19EFCCCF33D, 00BACE87CCA40722FF3AD7243439201CDCC23D0BA01E25F928BF63DA12816F8F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:57:00.0870 0x1324  IAStorDataMgrSvc - ok
14:57:00.0885 0x1324  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:57:00.0901 0x1324  iaStorV - ok
14:57:00.0979 0x1324  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:57:01.0010 0x1324  idsvc - ok
14:57:01.0026 0x1324  IEEtwCollectorService - ok
14:57:01.0353 0x1324  [ A47D902F5C0C43DCF5EE2CAE02BF39A8, 9616B25152BB8B51D5EBC7CB3004902A089E56899EC55D975246F7F6D1FEBF00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:57:01.0665 0x1324  igfx - ok
14:57:01.0681 0x1324  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:57:01.0681 0x1324  iirsp - ok
14:57:01.0743 0x1324  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:57:01.0759 0x1324  IKEEXT - ok
14:57:01.0884 0x1324  [ 05778ABC033D327656C55BC6F8B244D8, 6297D45BDC83E251EC568C1339FBC0F350F4590BFFD6DC45D13B7F9BC069B5DE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:57:01.0930 0x1324  IntcAzAudAddService - ok
14:57:01.0946 0x1324  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:57:01.0962 0x1324  IntcDAud - ok
14:57:01.0977 0x1324  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:57:01.0977 0x1324  intelide - ok
14:57:01.0993 0x1324  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:57:02.0008 0x1324  intelppm - ok
14:57:02.0024 0x1324  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:57:02.0040 0x1324  IPBusEnum - ok
14:57:02.0055 0x1324  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:57:02.0055 0x1324  IpFilterDriver - ok
14:57:02.0086 0x1324  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:57:02.0133 0x1324  iphlpsvc - ok
14:57:02.0149 0x1324  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:57:02.0149 0x1324  IPMIDRV - ok
14:57:02.0164 0x1324  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:57:02.0164 0x1324  IPNAT - ok
14:57:02.0180 0x1324  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:57:02.0180 0x1324  IRENUM - ok
14:57:02.0196 0x1324  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:57:02.0196 0x1324  isapnp - ok
14:57:02.0227 0x1324  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:57:02.0242 0x1324  iScsiPrt - ok
14:57:02.0274 0x1324  [ 8D990A44B4F2B68E2C56A3724EC3EB84, 5768FC5B156FC9CEEA735C933B50ADD8AE018F5609B83634F001E847E3101ACA ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
14:57:02.0274 0x1324  itecir - ok
14:57:02.0289 0x1324  [ E5AAC07B053D15BA8F67BA7D49C20971, 37C9A4B1491ED6B9F769C56AF74E641CC4FCE82E502B603C07D47A962629C755 ] ITECIRfilter    C:\Windows\system32\DRIVERS\ITECIRfilter.sys
14:57:02.0289 0x1324  ITECIRfilter - ok
14:57:02.0305 0x1324  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:57:02.0305 0x1324  kbdclass - ok
14:57:02.0336 0x1324  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:57:02.0336 0x1324  kbdhid - ok
14:57:02.0336 0x1324  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:57:02.0352 0x1324  KeyIso - ok
14:57:02.0383 0x1324  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:57:02.0383 0x1324  KSecDD - ok
14:57:02.0414 0x1324  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:57:02.0430 0x1324  KSecPkg - ok
14:57:02.0445 0x1324  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:57:02.0445 0x1324  ksthunk - ok
14:57:02.0492 0x1324  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:57:02.0492 0x1324  KtmRm - ok
14:57:02.0523 0x1324  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:57:02.0539 0x1324  LanmanServer - ok
14:57:02.0554 0x1324  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:57:02.0554 0x1324  LanmanWorkstation - ok
14:57:02.0586 0x1324  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:57:02.0586 0x1324  lltdio - ok
14:57:02.0601 0x1324  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:57:02.0617 0x1324  lltdsvc - ok
14:57:02.0617 0x1324  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:57:02.0632 0x1324  lmhosts - ok
14:57:02.0648 0x1324  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:57:02.0648 0x1324  LMS - ok
14:57:02.0664 0x1324  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:57:02.0664 0x1324  LSI_FC - ok
14:57:02.0679 0x1324  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:57:02.0679 0x1324  LSI_SAS - ok
14:57:02.0695 0x1324  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:57:02.0695 0x1324  LSI_SAS2 - ok
14:57:02.0710 0x1324  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:57:02.0710 0x1324  LSI_SCSI - ok
14:57:02.0726 0x1324  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:57:02.0726 0x1324  luafv - ok
14:57:02.0742 0x1324  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:57:02.0742 0x1324  Mcx2Svc - ok
14:57:02.0757 0x1324  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:57:02.0757 0x1324  megasas - ok
14:57:02.0788 0x1324  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:57:02.0788 0x1324  MegaSR - ok
14:57:02.0804 0x1324  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:57:02.0820 0x1324  MEIx64 - ok
14:57:02.0835 0x1324  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:57:02.0835 0x1324  MMCSS - ok
14:57:02.0851 0x1324  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:57:02.0851 0x1324  Modem - ok
14:57:02.0866 0x1324  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:57:02.0866 0x1324  monitor - ok
14:57:02.0882 0x1324  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:57:02.0882 0x1324  mouclass - ok
14:57:02.0882 0x1324  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:57:02.0882 0x1324  mouhid - ok
14:57:02.0913 0x1324  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:57:08.0326 0x1324  udfs - ok
14:57:08.0342 0x1324  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:57:08.0342 0x1324  UI0Detect - ok
14:57:08.0358 0x1324  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:57:08.0358 0x1324  uliagpkx - ok
14:57:08.0389 0x1324  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:57:08.0389 0x1324  umbus - ok
14:57:08.0404 0x1324  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:57:08.0404 0x1324  UmPass - ok
14:57:08.0529 0x1324  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:57:08.0592 0x1324  UNS - ok
14:57:08.0623 0x1324  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:57:08.0638 0x1324  upnphost - ok
14:57:08.0654 0x1324  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:57:08.0670 0x1324  usbccgp - ok
14:57:08.0701 0x1324  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:57:08.0716 0x1324  usbcir - ok
14:57:08.0732 0x1324  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:57:08.0732 0x1324  usbehci - ok
14:57:08.0763 0x1324  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:57:08.0763 0x1324  usbhub - ok
14:57:08.0810 0x1324  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:57:08.0810 0x1324  usbohci - ok
14:57:08.0826 0x1324  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:57:08.0826 0x1324  usbprint - ok
14:57:08.0888 0x1324  [ B5E6C4F280EBF0B16F74A5B415F2E0DF, 4B1F7C95F267A29FC8AE4F285E2B19200C7E3F8505B1E75797A7A9EDE4CD1EDE ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
14:57:08.0904 0x1324  USBS3S4Detection - ok
14:57:08.0935 0x1324  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
14:57:08.0950 0x1324  usbscan - ok
14:57:08.0966 0x1324  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:57:08.0966 0x1324  USBSTOR - ok
14:57:08.0982 0x1324  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:57:08.0982 0x1324  usbuhci - ok
14:57:09.0013 0x1324  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:57:09.0013 0x1324  usbvideo - ok
14:57:09.0044 0x1324  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:57:09.0044 0x1324  UxSms - ok
14:57:09.0060 0x1324  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
14:57:09.0060 0x1324  VaultSvc - ok
14:57:09.0200 0x1324  [ 1352B215BDC5807A5641E7C143796DD7, B54F95307253BB81E4CEE4F2033782210652364DE6A1E833B27ECE7E04A2BD51 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
14:57:09.0200 0x1324  VBoxAswDrv - ok
14:57:09.0231 0x1324  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:57:09.0231 0x1324  vdrvroot - ok
14:57:09.0262 0x1324  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:57:09.0278 0x1324  vds - ok
14:57:09.0294 0x1324  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:57:09.0294 0x1324  vga - ok
14:57:09.0309 0x1324  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:57:09.0309 0x1324  VgaSave - ok
14:57:09.0309 0x1324  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:57:09.0325 0x1324  vhdmp - ok
14:57:09.0340 0x1324  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:57:09.0340 0x1324  viaide - ok
14:57:09.0356 0x1324  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:57:09.0356 0x1324  volmgr - ok
14:57:09.0372 0x1324  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:57:09.0387 0x1324  volmgrx - ok
14:57:09.0387 0x1324  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:57:09.0403 0x1324  volsnap - ok
14:57:09.0418 0x1324  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:57:09.0418 0x1324  vsmraid - ok
14:57:09.0465 0x1324  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:57:09.0512 0x1324  VSS - ok
14:57:09.0559 0x1324  [ 5BE34BFADE20FF6C154B4663605B6212, 810F7956588F1A177FEE9C4D45C834954122BB9429D7E915D7F6F8EA3DA9802A ] VUSB3HUB        C:\Windows\system32\DRIVERS\ViaHub3.sys
14:57:09.0559 0x1324  VUSB3HUB - ok
14:57:09.0559 0x1324  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:57:09.0559 0x1324  vwifibus - ok
14:57:09.0590 0x1324  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:57:09.0590 0x1324  vwififlt - ok
14:57:09.0606 0x1324  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:57:09.0606 0x1324  vwifimp - ok
14:57:09.0637 0x1324  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:57:09.0652 0x1324  W32Time - ok
14:57:09.0652 0x1324  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:57:09.0668 0x1324  WacomPen - ok
14:57:09.0684 0x1324  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:57:09.0684 0x1324  WANARP - ok
14:57:09.0684 0x1324  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:57:09.0699 0x1324  Wanarpv6 - ok
14:57:09.0762 0x1324  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:57:09.0793 0x1324  WatAdminSvc - ok
14:57:09.0840 0x1324  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:57:09.0886 0x1324  wbengine - ok
14:57:09.0918 0x1324  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:57:09.0918 0x1324  WbioSrvc - ok
14:57:09.0933 0x1324  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:57:09.0949 0x1324  wcncsvc - ok
14:57:09.0949 0x1324  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:57:09.0949 0x1324  WcsPlugInService - ok
14:57:09.0949 0x1324  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:57:09.0964 0x1324  Wd - ok
14:57:10.0011 0x1324  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:57:10.0011 0x1324  Wdf01000 - ok
14:57:10.0042 0x1324  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:57:10.0042 0x1324  WdiServiceHost - ok
14:57:10.0042 0x1324  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:57:10.0042 0x1324  WdiSystemHost - ok
14:57:10.0074 0x1324  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:57:10.0089 0x1324  WebClient - ok
14:57:10.0089 0x1324  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:57:10.0105 0x1324  Wecsvc - ok
14:57:10.0105 0x1324  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:57:10.0120 0x1324  wercplsupport - ok
14:57:10.0120 0x1324  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:57:10.0136 0x1324  WerSvc - ok
14:57:10.0152 0x1324  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:57:10.0152 0x1324  WfpLwf - ok
14:57:10.0152 0x1324  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:57:10.0152 0x1324  WIMMount - ok
14:57:10.0167 0x1324  WinDefend - ok
14:57:10.0183 0x1324  WinHttpAutoProxySvc - ok
14:57:10.0245 0x1324  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:57:10.0245 0x1324  Winmgmt - ok
14:57:10.0339 0x1324  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:57:10.0401 0x1324  WinRM - ok
14:57:10.0448 0x1324  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:57:10.0448 0x1324  WinUsb - ok
14:57:10.0495 0x1324  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:57:10.0526 0x1324  Wlansvc - ok
14:57:10.0698 0x1324  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:57:10.0760 0x1324  wlidsvc - ok
14:57:10.0791 0x1324  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:57:10.0791 0x1324  WmiAcpi - ok
14:57:10.0807 0x1324  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:57:10.0807 0x1324  wmiApSrv - ok
14:57:10.0838 0x1324  WMPNetworkSvc - ok
14:57:10.0854 0x1324  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:57:10.0854 0x1324  WPCSvc - ok
14:57:10.0869 0x1324  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:57:10.0885 0x1324  WPDBusEnum - ok
14:57:10.0885 0x1324  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:57:10.0885 0x1324  ws2ifsl - ok
14:57:10.0900 0x1324  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
14:57:10.0900 0x1324  wscsvc - ok
14:57:10.0900 0x1324  WSearch - ok
14:57:10.0978 0x1324  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:57:11.0072 0x1324  wuauserv - ok
14:57:11.0088 0x1324  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:57:11.0088 0x1324  WudfPf - ok
14:57:11.0134 0x1324  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:57:11.0134 0x1324  WUDFRd - ok
14:57:11.0166 0x1324  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:57:11.0166 0x1324  wudfsvc - ok
14:57:11.0197 0x1324  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:57:11.0212 0x1324  WwanSvc - ok
14:57:11.0244 0x1324  [ 109B6F1888845661D19B7A458776D5D1, 526F9655480726345A4E3395EC841BAFB25AFF7AD84C51AD2A6BBA9605BD26FD ] xhcdrv          C:\Windows\system32\DRIVERS\xhcdrv.sys
14:57:11.0244 0x1324  xhcdrv - ok
14:57:11.0275 0x1324  ================ Scan global ===============================
14:57:11.0290 0x1324  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:57:11.0322 0x1324  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:57:11.0322 0x1324  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:57:11.0337 0x1324  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:57:11.0368 0x1324  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:57:11.0368 0x1324  [ Global ] - ok
14:57:11.0368 0x1324  ================ Scan MBR ==================================
14:57:11.0384 0x1324  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:57:11.0587 0x1324  \Device\Harddisk0\DR0 - ok
14:57:11.0587 0x1324  ================ Scan VBR ==================================
14:57:11.0587 0x1324  [ F2E48239863E29490D6B26B65648B544 ] \Device\Harddisk0\DR0\Partition1
14:57:11.0634 0x1324  \Device\Harddisk0\DR0\Partition1 - ok
14:57:11.0634 0x1324  [ 042525643A7203786B10646FDFF63D14 ] \Device\Harddisk0\DR0\Partition2
14:57:11.0649 0x1324  \Device\Harddisk0\DR0\Partition2 - ok
14:57:11.0649 0x1324  [ E85205E9CBF515FA68579368B93E0B60 ] \Device\Harddisk0\DR0\Partition3
14:57:11.0665 0x1324  \Device\Harddisk0\DR0\Partition3 - ok
14:57:12.0445 0x1464  Object required for P2P: [ 96BB922A0981BC7432C8CF52B5410FE6 ] iScsiPrt
14:57:32.0460 0x1464  Object send P2P result: false
14:57:32.0475 0x1464  Object required for P2P: [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64
14:57:52.0506 0x1464  Object send P2P result: false
14:57:52.0506 0x1464  Object required for P2P: [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci
14:57:55.0392 0x1464  Object send P2P result: true
14:57:55.0750 0x1324  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
14:57:55.0782 0x1324  Win FW state via NFP2: enabled
14:57:58.0231 0x1324  ============================================================
14:57:58.0231 0x1324  Scan finished
14:57:58.0231 0x1324  ============================================================
14:57:58.0231 0x0d24  Detected object count: 0
14:57:58.0231 0x0d24  Actual detected object count: 0

 

 

aswMBR

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-09 14:59:27
-----------------------------
14:59:27.618    OS Version: Windows x64 6.1.7601 Service Pack 1
14:59:27.618    Number of processors: 4 586 0x2A07
14:59:27.633    ComputerName: PARKINSONS-PC  UserName: Parkinsons
14:59:28.382    Initialize success
14:59:28.413    VM: initialized successfully
14:59:28.413    VM: Intel CPU supported virtualized
14:59:40.901    VM: supported disk I/O iaStor.sys
14:59:44.395    AVAST engine defs: 15020900
15:00:04.831    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:00:04.847    Disk 0 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 3
15:00:04.925    VM: Disk 0 MBR read successfully
15:00:04.925    Disk 0 MBR scan
15:00:04.940    Disk 0 Windows 7 default MBR code
15:00:04.940    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        17408 MB offset 2048
15:00:04.956    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 35653632
15:00:04.956    Disk 0 default boot code
15:00:04.972    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       468179 MB offset 35858432
15:00:04.987    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       468180 MB offset 994689024
15:00:05.003    Disk 0 scanning C:\Windows\system32\drivers
15:00:11.726    Service scanning
15:00:23.910    Modules scanning
15:00:23.910    Disk 0 trace - called modules:
15:00:23.926    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:00:23.926    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065e2060]
15:00:23.941    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046af050]
15:00:24.456    AVAST engine scan C:\Windows
15:00:26.078    AVAST engine scan C:\Windows\system32
15:02:07.962    AVAST engine scan C:\Windows\system32\drivers
15:02:15.903    AVAST engine scan C:\Users\Parkinsons
15:03:06.493    AVAST engine scan C:\ProgramData
15:03:51.078    Disk 0 statistics 3481172/0/26 @ 10.48 MB/s
15:03:51.078    Scan finished successfully
15:03:59.580    Disk 0 MBR has been saved successfully to "C:\Users\Parkinsons\Desktop\MBR.dat"
15:03:59.596    The log file has been saved successfully to "C:\Users\Parkinsons\Desktop\aswMBR.txt"

Attached file: MBR.zip (570 bytes)

Edited by kerrypn, 09 February 2015 - 10:18 AM.


#12 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2015 - 02:32 PM

This looked strange to me:

14:57:32.0460 0x1464 Object send P2P result: false
14:57:32.0475 0x1464 Object required for P2P: [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64

On a further check I see that its file is good.

14:57:02.0804 0x1324 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

It may just be that your security software does not see it or is reporting a false positive.
===

If not already done please close all browsers and programs.
Restart the computer normally.

Run Internet Explorer. Do you still see that IAT notice?

#13 kerrypn

  • Topic Starter
  • Members
  • 27 posts

Posted 09 February 2015 - 03:02 PM

Hi again Nasdaq! After your previous instructions were completed I shut down the PC, as I didn't want to leave it on until I know what's happening with it (I have been using the laptop to check for replies etc.). The IAT notice was generated by RogueKiller as it finished, and it only happened once; I took a screenshot just in case, but the browser is working normally, if a little slow.

Am I clean or are we still diagnosing? RK threw up a lot of results as risks which I didn't delete. Were these false positives? Sorry, I don't really understand any of the results I have produced for you, so I can't tell where we are up to!

Thanks again for your help!


Edited by kerrypn, 09 February 2015 - 03:19 PM.


#14 nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 February 2015 - 08:52 AM

Restore your Windows 7 to the Last Known Good Configuration.
Follow the instructions on this page:

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#15 kerrypn

  • Topic Starter
  • Members
  • 27 posts

Posted 10 February 2015 - 11:43 AM

Hi again Nasdaq! I have done as you asked and started in Last Known Good Configuration. It booted up a bit quicker, but it does still seem to be making a noise in the background like something is happening. To be honest, other than the slow boot-up, the Avast flagging (which caused me to post) and that pop-up, I haven't noticed any major symptoms of infection. I am worried as I did not delete the stuff Avast pulled, nor the PUP Gorilla; I just vaulted them and came here straight away. The only things I have done on that comp have been on your instruction :)

ETA: I came across this thread whilst browsing, Nasdaq, about RogueKiller throwing up pages about hooks. I don't know if this helps or is relevant, but thought I would mention it :) http://www.bleepingcomputer.com/forums/t/566529/roguekiller-hooks/


Edited by kerrypn, 10 February 2015 - 12:09 PM.




