
FRST logs for possible Zeus infection


  • This topic is locked
12 replies to this topic

#1 IAmAUser


Posted 25 March 2015 - 08:08 PM

Was told to post a new topic, my original post here.

 

Tried to attach Addition.txt but it says upload failed. Used basic uploader.

 

Edit: I knew it might be a bit before someone could take a look at this and I needed to use my computer, so last night I ran the zbot tool from ESET and it said no threat was found. I also modified my hosts file to block a bunch of known active zbot (C&C?) sites. So with some small peace of mind I can wait patiently :)

 

-FRST.txt-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mike (administrator) on MIKE-PC on 25-03-2015 19:43:33
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available profiles: Mike)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Mike\Documents\MyClock.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {53d69379-5c83-11e4-ad7c-74d43581fc70} - F:\StartClickFreeBackup.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {774546c2-063a-11e4-a136-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {78ef1c5a-92f0-11e4-a4f4-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {8c1cc26f-ab82-11e3-8f0c-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7300-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7324-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyClock.exe.lnk
ShortcutTarget: MyClock.exe.lnk -> C:\Users\Mike\Documents\MyClock.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2267689825-1851815236-125278167-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-07] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-31] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-30] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-22] (Emsisoft GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:37 - 2015-03-25 19:37 - 00001430 _____ () C:\Users\Mike\Desktop\New Text Document.txt
2015-03-25 19:33 - 2015-03-25 19:33 - 00032607 _____ () C:\Users\Mike\Desktop\aAddition.txt
2015-03-25 19:31 - 2015-03-25 19:43 - 00017809 _____ () C:\Users\Mike\Desktop\FRST.txt
2015-03-25 19:31 - 2015-03-25 19:33 - 00031296 _____ () C:\Users\Mike\Desktop\aFRST.txt
2015-03-25 19:30 - 2015-03-25 19:43 - 00000000 ____D () C:\FRST
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-03-25 19:29 - 2015-03-25 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-26-00-29-41.020-AvastVBoxSVC.exe-3392.log
2015-03-24 20:02 - 2015-03-24 20:02 - 00000197 _____ () C:\Windows\system32\2015-03-25-01-02-12.093-AvastVBoxSVC.exe-2756.log
2015-03-24 03:07 - 2015-03-24 03:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2015-03-23 20:07 - 2015-03-23 20:08 - 00000197 _____ () C:\Windows\system32\2015-03-24-01-07-39.042-AvastVBoxSVC.exe-2552.log
2015-03-23 00:37 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-37-41.067-aswFe.exe-3332.log
2015-03-23 00:35 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-35-12.016-aswFe.exe-3972.log
2015-03-23 00:35 - 2015-03-23 00:35 - 00000197 _____ () C:\Windows\system32\2015-03-23-05-35-06.034-AvastVBoxSVC.exe-4480.log
2015-03-23 00:32 - 2015-03-23 00:32 - 00000222 _____ () C:\Users\Mike\Desktop\FTL Faster Than Light.url
2015-03-22 11:37 - 2015-03-22 11:37 - 00000197 _____ () C:\Windows\system32\2015-03-22-16-37-16.095-AvastVBoxSVC.exe-2816.log
2015-03-22 02:18 - 2015-03-22 02:18 - 00000830 _____ () C:\Users\Mike\Desktop\JRT.txt
2015-03-22 01:27 - 2015-03-22 12:18 - 00000000 ____D () C:\EEK
2015-03-22 01:27 - 2015-03-22 01:27 - 00000743 _____ () C:\Users\Mike\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-22 01:17 - 2015-03-22 01:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-22 01:14 - 2015-03-22 01:14 - 01388672 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2015-03-22 01:13 - 2015-03-22 01:17 - 10995632 _____ (SurfRight B.V.) C:\Users\Mike\Desktop\HitmanPro_x64.exe
2015-03-22 01:13 - 2015-03-22 01:14 - 164449000 _____ () C:\Users\Mike\Desktop\EmsisoftEmergencyKit.exe
2015-03-22 01:11 - 2015-03-24 03:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-22 01:11 - 2015-03-22 01:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-22 01:10 - 2015-03-22 01:11 - 16660056 _____ () C:\Users\Mike\Desktop\RogueKiller.exe
2015-03-22 00:59 - 2015-03-22 01:01 - 00003624 _____ () C:\Users\Mike\Desktop\Rkill.txt
2015-03-22 00:59 - 2015-03-22 00:59 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Desktop\tdsskiller.exe
2015-03-22 00:54 - 2015-03-22 00:54 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-54-47.068-AvastVBoxSVC.exe-2592.log
2015-03-22 00:43 - 2015-03-22 00:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 00:43 - 2015-03-22 00:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 00:43 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 00:43 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 00:38 - 2015-03-22 00:38 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-38-36.091-AvastVBoxSVC.exe-2520.log
2015-03-22 00:33 - 2015-03-22 00:35 - 00000000 ____D () C:\AdwCleaner
2015-03-22 00:32 - 2015-03-22 00:33 - 02171392 _____ () C:\Users\Mike\Desktop\adwcleaner_4.112.exe
2015-03-22 00:05 - 2015-03-22 00:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 11:41 - 2015-03-21 11:42 - 00000197 _____ () C:\Windows\system32\2015-03-21-16-41-51.078-AvastVBoxSVC.exe-2440.log
2015-03-20 19:29 - 2015-03-20 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-21-00-29-58.054-AvastVBoxSVC.exe-2512.log
2015-03-19 19:40 - 2015-03-19 19:41 - 00000197 _____ () C:\Windows\system32\2015-03-20-00-40-37.088-AvastVBoxSVC.exe-2464.log
2015-03-18 19:47 - 2015-03-18 19:47 - 00000197 _____ () C:\Windows\system32\2015-03-19-00-47-18.037-AvastVBoxSVC.exe-2576.log
2015-03-17 20:19 - 2015-03-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-03-18-01-19-39.003-AvastVBoxSVC.exe-1660.log
2015-03-16 19:53 - 2015-03-16 19:54 - 00000197 _____ () C:\Windows\system32\2015-03-17-00-53-25.030-AvastVBoxSVC.exe-2536.log
2015-03-15 19:00 - 2015-03-15 19:00 - 00000197 _____ () C:\Windows\system32\2015-03-16-00-00-09.080-AvastVBoxSVC.exe-2412.log
2015-03-15 00:09 - 2015-03-15 00:09 - 00000197 _____ () C:\Windows\system32\2015-03-15-05-09-42.002-AvastVBoxSVC.exe-3000.log
2015-03-14 15:52 - 2015-03-14 15:53 - 00000197 _____ () C:\Windows\system32\2015-03-14-20-52-29.025-AvastVBoxSVC.exe-2540.log
2015-03-14 02:09 - 2015-03-14 02:10 - 00000247 _____ () C:\Windows\system32\2015-03-14-07-09-54.071-aswFe.exe-6312.log
2015-03-14 01:31 - 2015-03-14 02:09 - 00000247 _____ () C:\Windows\system32\2015-03-14-06-31-15.048-aswFe.exe-1552.log
2015-03-14 01:31 - 2015-03-14 01:31 - 00000197 _____ () C:\Windows\system32\2015-03-14-06-31-03.080-AvastVBoxSVC.exe-4700.log
2015-03-13 22:09 - 2015-03-13 22:09 - 38885078 _____ () C:\Users\Mike\Downloads\StarCitizenInstaller.exe
2015-03-13 20:54 - 2015-03-13 20:54 - 00000197 _____ () C:\Windows\system32\2015-03-14-01-54-17.040-AvastVBoxSVC.exe-2684.log
2015-03-12 21:28 - 2015-03-12 21:29 - 00000197 _____ () C:\Windows\system32\2015-03-13-02-28-50.089-AvastVBoxSVC.exe-3944.log
2015-03-11 18:32 - 2015-03-11 18:32 - 00000197 _____ () C:\Windows\system32\2015-03-11-23-32-14.021-AvastVBoxSVC.exe-2672.log
2015-03-10 20:03 - 2015-03-10 20:04 - 00000197 _____ () C:\Windows\system32\2015-03-11-01-03-29.073-AvastVBoxSVC.exe-3612.log
2015-03-09 19:51 - 2015-03-09 19:52 - 00000197 _____ () C:\Windows\system32\2015-03-10-00-51-56.045-AvastVBoxSVC.exe-2468.log
2015-03-08 13:57 - 2015-03-08 13:57 - 00000197 _____ () C:\Windows\system32\2015-03-08-18-57-02.088-AvastVBoxSVC.exe-2436.log
2015-03-07 12:22 - 2015-03-07 12:22 - 00000197 _____ () C:\Windows\system32\2015-03-07-17-22-21.062-AvastVBoxSVC.exe-2704.log
2015-03-06 21:11 - 2015-03-06 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-07-02-11-19.012-AvastVBoxSVC.exe-2636.log
2015-03-05 21:10 - 2015-03-05 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-06-02-10-58.061-AvastVBoxSVC.exe-2384.log
2015-03-04 20:50 - 2015-03-04 20:51 - 00000197 _____ () C:\Windows\system32\2015-03-05-01-50-37.095-AvastVBoxSVC.exe-2608.log
2015-03-03 22:12 - 2015-03-03 22:12 - 00000197 _____ () C:\Windows\system32\2015-03-04-03-12-00.047-AvastVBoxSVC.exe-2492.log
2015-03-02 20:18 - 2015-03-02 20:18 - 00000197 _____ () C:\Windows\system32\2015-03-03-01-18-00.020-AvastVBoxSVC.exe-2608.log
2015-03-01 18:00 - 2015-03-01 18:00 - 00000197 _____ () C:\Windows\system32\2015-03-01-23-00-09.094-AvastVBoxSVC.exe-1792.log
2015-03-01 04:35 - 2015-03-01 04:36 - 00000000 ____D () C:\Users\Mike\Documents\Heroes of the Storm
2015-02-28 13:51 - 2015-02-28 13:51 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-51-33.092-AvastVBoxSVC.exe-2584.log
2015-02-28 01:09 - 2015-02-28 01:09 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-28 01:09 - 2015-02-28 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-28 01:05 - 2015-03-02 01:06 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-27 22:29 - 2015-02-27 22:29 - 00000197 _____ () C:\Windows\system32\2015-02-28-03-29-42.036-AvastVBoxSVC.exe-2612.log
2015-02-26 20:57 - 2015-02-26 20:57 - 00000197 _____ () C:\Windows\system32\2015-02-27-01-57-20.044-AvastVBoxSVC.exe-2900.log
2015-02-25 22:22 - 2015-02-25 22:23 - 00000197 _____ () C:\Windows\system32\2015-02-26-03-22-22.082-AvastVBoxSVC.exe-2584.log
2015-02-24 19:19 - 2015-02-24 19:19 - 00000197 _____ () C:\Windows\system32\2015-02-25-00-19-19.066-AvastVBoxSVC.exe-2528.log
2015-02-23 21:15 - 2015-02-23 21:16 - 00000197 _____ () C:\Windows\system32\2015-02-24-02-15-21.053-AvastVBoxSVC.exe-2544.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:36 - 2014-03-14 07:26 - 01670002 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 19:33 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:33 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:32 - 2014-03-18 01:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-25 19:28 - 2014-03-27 01:25 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Dropbox
2015-03-25 19:26 - 2014-03-18 04:01 - 00179826 _____ () C:\Windows\PFRO.log
2015-03-25 19:26 - 2014-03-16 22:49 - 00000124 _____ () C:\HaxLogs.log
2015-03-25 19:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 19:26 - 2009-07-13 23:51 - 00090750 _____ () C:\Windows\setupact.log
2015-03-25 03:38 - 2015-02-01 03:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Kodi
2015-03-25 02:50 - 2014-03-16 03:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-23 00:34 - 2014-03-21 23:33 - 00000000 ____D () C:\Users\Mike\Documents\My Games
2015-03-22 23:23 - 2014-08-14 20:51 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TS3Client
2015-03-22 11:35 - 2014-03-14 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 11:35 - 2009-07-14 00:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 00:52 - 2014-03-14 15:01 - 00000000 ____D () C:\Windows\Minidump
2015-03-22 00:35 - 2014-07-11 20:12 - 00000857 _____ () C:\Users\Mike\Desktop\Sweet Home 3D.lnk
2015-03-22 00:35 - 2014-07-11 20:12 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2015-03-18 20:12 - 2014-03-14 11:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 20:12 - 2014-03-14 11:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 20:11 - 2014-09-26 23:50 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2015-03-17 20:22 - 2009-07-14 00:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 00:38 - 2014-06-14 22:47 - 00000222 _____ () C:\Users\Mike\Desktop\Chivalry Medieval Warfare.url
2015-03-15 00:22 - 2014-06-15 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-13 22:10 - 2014-05-16 23:04 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-12 21:32 - 2014-03-27 01:26 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-02 04:52 - 2014-03-14 12:16 - 00000000 ____D () C:\Users\Mike\AppData\Local\Battle.net
2015-03-01 04:36 - 2014-03-14 12:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-02-28 01:04 - 2014-03-14 12:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net

==================== Files in the root of some directories =======

2014-09-27 02:33 - 2015-02-05 21:18 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-14 10:41 - 2014-03-14 10:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\D3DX9_43.dll
C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedalib.dll
C:\Users\Mike\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Mike\AppData\Local\Temp\paint.net.4.0.4.install.exe
C:\Users\Mike\AppData\Local\Temp\TexturePacker.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 20:35

==================== End Of Log ============================

Edited by IAmAUser, 26 March 2015 - 02:48 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 27 March 2015 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Mike\AppData\Local\Temp\D3DX9_43.dll
C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedalib.dll
C:\Users\Mike\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Mike\AppData\Local\Temp\paint.net.4.0.4.install.exe
C:\Users\Mike\AppData\Local\Temp\TexturePacker.exe

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 IAmAUser

  • Topic Starter

Posted 27 March 2015 - 10:13 PM

It's running fine, but it's always been running fine. It was the browser alert from Cox that was freaking me out.

Thanks for the help so far.

Edit: I didn't want to mess up your process for assisting me, but my curiosity was killing me, so I uninstalled Dropbox and noticed that a DLL in \Temp is still being created after each boot with a different suffix, but always starting with "dropbox_sqlite_ext.", and there's a same-named .LCK being created as well. You might already be familiar with that, but I thought I'd let you know. I ran the fix before doing any of the above-mentioned.

-Fixlog.txt-

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mike at 2015-03-27 22:06:00 Run:1
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available profiles: Mike)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Mike\AppData\Local\Temp\D3DX9_43.dll
C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedalib.dll
C:\Users\Mike\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Mike\AppData\Local\Temp\paint.net.4.0.4.install.exe
C:\Users\Mike\AppData\Local\Temp\TexturePacker.exe

End
*****************

Processes closed successfully.
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Mike\AppData\Local\Temp\D3DX9_43.dll => Moved successfully.
C:\Users\Mike\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
"C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpedalib.dll" => File/Directory not found.
C:\Users\Mike\AppData\Local\Temp\FoxitUpdater.exe => Moved successfully.
C:\Users\Mike\AppData\Local\Temp\paint.net.4.0.4.install.exe => Moved successfully.
C:\Users\Mike\AppData\Local\Temp\TexturePacker.exe => Moved successfully.


The system needed a reboot.


Edited by IAmAUser, 27 March 2015 - 11:09 PM.


#4 nasdaq


Posted 28 March 2015 - 08:02 AM

Run the Farbar tool and post a fresh FRST log for my review.

#5 IAmAUser

  • Topic Starter

Posted 28 March 2015 - 10:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mike (administrator) on MIKE-PC on 28-03-2015 21:56:39
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available profiles: Mike)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Users\Mike\Documents\MyClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {53d69379-5c83-11e4-ad7c-74d43581fc70} - F:\StartClickFreeBackup.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {774546c2-063a-11e4-a136-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {78ef1c5a-92f0-11e4-a4f4-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {8c1cc26f-ab82-11e3-8f0c-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7300-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7324-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyClock.exe.lnk
ShortcutTarget: MyClock.exe.lnk -> C:\Users\Mike\Documents\MyClock.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2267689825-1851815236-125278167-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-07] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-31] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-30] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-22] (Emsisoft GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 21:46 - 2015-03-28 21:46 - 00000197 _____ () C:\Windows\system32\2015-03-29-02-46-16.035-AvastVBoxSVC.exe-3008.log
2015-03-27 23:23 - 2015-03-27 23:23 - 00000197 _____ () C:\Windows\system32\2015-03-28-04-23-08.056-AvastVBoxSVC.exe-2764.log
2015-03-27 23:00 - 2015-03-27 23:00 - 00000197 _____ () C:\Windows\system32\2015-03-28-04-00-13.054-AvastVBoxSVC.exe-2960.log
2015-03-27 22:47 - 2015-03-27 22:47 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-47-32.081-AvastVBoxSVC.exe-2716.log
2015-03-27 22:09 - 2015-03-27 22:09 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-09-26.092-AvastVBoxSVC.exe-3656.log
2015-03-27 22:00 - 2015-03-27 22:01 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-00-40.047-AvastVBoxSVC.exe-2624.log
2015-03-26 20:11 - 2015-03-26 20:11 - 00000197 _____ () C:\Windows\system32\2015-03-27-01-11-30.008-AvastVBoxSVC.exe-2416.log
2015-03-25 19:43 - 2015-03-25 19:43 - 00031703 _____ () C:\Users\Mike\Desktop\Addition.txt
2015-03-25 19:37 - 2015-03-25 19:37 - 00001430 _____ () C:\Users\Mike\Desktop\New Text Document.txt
2015-03-25 19:33 - 2015-03-25 19:33 - 00032607 _____ () C:\Users\Mike\Desktop\aAddition.txt
2015-03-25 19:31 - 2015-03-28 21:56 - 00014478 _____ () C:\Users\Mike\Desktop\FRST.txt
2015-03-25 19:31 - 2015-03-25 19:33 - 00031296 _____ () C:\Users\Mike\Desktop\aFRST.txt
2015-03-25 19:30 - 2015-03-28 21:56 - 00000000 ____D () C:\FRST
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-03-25 19:29 - 2015-03-25 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-26-00-29-41.020-AvastVBoxSVC.exe-3392.log
2015-03-24 20:02 - 2015-03-24 20:02 - 00000197 _____ () C:\Windows\system32\2015-03-25-01-02-12.093-AvastVBoxSVC.exe-2756.log
2015-03-24 03:07 - 2015-03-24 03:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2015-03-23 20:07 - 2015-03-23 20:08 - 00000197 _____ () C:\Windows\system32\2015-03-24-01-07-39.042-AvastVBoxSVC.exe-2552.log
2015-03-23 00:37 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-37-41.067-aswFe.exe-3332.log
2015-03-23 00:35 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-35-12.016-aswFe.exe-3972.log
2015-03-23 00:35 - 2015-03-23 00:35 - 00000197 _____ () C:\Windows\system32\2015-03-23-05-35-06.034-AvastVBoxSVC.exe-4480.log
2015-03-23 00:32 - 2015-03-23 00:32 - 00000222 _____ () C:\Users\Mike\Desktop\FTL Faster Than Light.url
2015-03-22 11:37 - 2015-03-22 11:37 - 00000197 _____ () C:\Windows\system32\2015-03-22-16-37-16.095-AvastVBoxSVC.exe-2816.log
2015-03-22 02:18 - 2015-03-22 02:18 - 00000830 _____ () C:\Users\Mike\Desktop\JRT.txt
2015-03-22 01:27 - 2015-03-22 12:18 - 00000000 ____D () C:\EEK
2015-03-22 01:27 - 2015-03-22 01:27 - 00000743 _____ () C:\Users\Mike\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-22 01:17 - 2015-03-22 01:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-22 01:14 - 2015-03-22 01:14 - 01388672 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2015-03-22 01:13 - 2015-03-22 01:17 - 10995632 _____ (SurfRight B.V.) C:\Users\Mike\Desktop\HitmanPro_x64.exe
2015-03-22 01:13 - 2015-03-22 01:14 - 164449000 _____ () C:\Users\Mike\Desktop\EmsisoftEmergencyKit.exe
2015-03-22 01:11 - 2015-03-24 03:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-22 01:11 - 2015-03-22 01:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-22 01:10 - 2015-03-22 01:11 - 16660056 _____ () C:\Users\Mike\Desktop\RogueKiller.exe
2015-03-22 00:59 - 2015-03-22 01:01 - 00003624 _____ () C:\Users\Mike\Desktop\Rkill.txt
2015-03-22 00:59 - 2015-03-22 00:59 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Desktop\tdsskiller.exe
2015-03-22 00:54 - 2015-03-22 00:54 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-54-47.068-AvastVBoxSVC.exe-2592.log
2015-03-22 00:43 - 2015-03-22 00:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 00:43 - 2015-03-22 00:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 00:43 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 00:43 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 00:38 - 2015-03-22 00:38 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-38-36.091-AvastVBoxSVC.exe-2520.log
2015-03-22 00:33 - 2015-03-22 00:35 - 00000000 ____D () C:\AdwCleaner
2015-03-22 00:32 - 2015-03-22 00:33 - 02171392 _____ () C:\Users\Mike\Desktop\adwcleaner_4.112.exe
2015-03-22 00:05 - 2015-03-22 00:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 11:41 - 2015-03-21 11:42 - 00000197 _____ () C:\Windows\system32\2015-03-21-16-41-51.078-AvastVBoxSVC.exe-2440.log
2015-03-20 19:29 - 2015-03-20 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-21-00-29-58.054-AvastVBoxSVC.exe-2512.log
2015-03-19 19:40 - 2015-03-19 19:41 - 00000197 _____ () C:\Windows\system32\2015-03-20-00-40-37.088-AvastVBoxSVC.exe-2464.log
2015-03-18 19:47 - 2015-03-18 19:47 - 00000197 _____ () C:\Windows\system32\2015-03-19-00-47-18.037-AvastVBoxSVC.exe-2576.log
2015-03-17 20:19 - 2015-03-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-03-18-01-19-39.003-AvastVBoxSVC.exe-1660.log
2015-03-16 19:53 - 2015-03-16 19:54 - 00000197 _____ () C:\Windows\system32\2015-03-17-00-53-25.030-AvastVBoxSVC.exe-2536.log
2015-03-15 19:00 - 2015-03-15 19:00 - 00000197 _____ () C:\Windows\system32\2015-03-16-00-00-09.080-AvastVBoxSVC.exe-2412.log
2015-03-15 00:09 - 2015-03-15 00:09 - 00000197 _____ () C:\Windows\system32\2015-03-15-05-09-42.002-AvastVBoxSVC.exe-3000.log
2015-03-14 15:52 - 2015-03-14 15:53 - 00000197 _____ () C:\Windows\system32\2015-03-14-20-52-29.025-AvastVBoxSVC.exe-2540.log
2015-03-14 02:09 - 2015-03-14 02:10 - 00000247 _____ () C:\Windows\system32\2015-03-14-07-09-54.071-aswFe.exe-6312.log
2015-03-14 01:31 - 2015-03-14 02:09 - 00000247 _____ () C:\Windows\system32\2015-03-14-06-31-15.048-aswFe.exe-1552.log
2015-03-14 01:31 - 2015-03-14 01:31 - 00000197 _____ () C:\Windows\system32\2015-03-14-06-31-03.080-AvastVBoxSVC.exe-4700.log
2015-03-13 22:09 - 2015-03-13 22:09 - 38885078 _____ () C:\Users\Mike\Downloads\StarCitizenInstaller.exe
2015-03-13 20:54 - 2015-03-13 20:54 - 00000197 _____ () C:\Windows\system32\2015-03-14-01-54-17.040-AvastVBoxSVC.exe-2684.log
2015-03-12 21:28 - 2015-03-12 21:29 - 00000197 _____ () C:\Windows\system32\2015-03-13-02-28-50.089-AvastVBoxSVC.exe-3944.log
2015-03-11 18:32 - 2015-03-11 18:32 - 00000197 _____ () C:\Windows\system32\2015-03-11-23-32-14.021-AvastVBoxSVC.exe-2672.log
2015-03-10 20:03 - 2015-03-10 20:04 - 00000197 _____ () C:\Windows\system32\2015-03-11-01-03-29.073-AvastVBoxSVC.exe-3612.log
2015-03-09 19:51 - 2015-03-09 19:52 - 00000197 _____ () C:\Windows\system32\2015-03-10-00-51-56.045-AvastVBoxSVC.exe-2468.log
2015-03-08 13:57 - 2015-03-08 13:57 - 00000197 _____ () C:\Windows\system32\2015-03-08-18-57-02.088-AvastVBoxSVC.exe-2436.log
2015-03-07 12:22 - 2015-03-07 12:22 - 00000197 _____ () C:\Windows\system32\2015-03-07-17-22-21.062-AvastVBoxSVC.exe-2704.log
2015-03-06 21:11 - 2015-03-06 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-07-02-11-19.012-AvastVBoxSVC.exe-2636.log
2015-03-05 21:10 - 2015-03-05 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-06-02-10-58.061-AvastVBoxSVC.exe-2384.log
2015-03-04 20:50 - 2015-03-04 20:51 - 00000197 _____ () C:\Windows\system32\2015-03-05-01-50-37.095-AvastVBoxSVC.exe-2608.log
2015-03-03 22:12 - 2015-03-03 22:12 - 00000197 _____ () C:\Windows\system32\2015-03-04-03-12-00.047-AvastVBoxSVC.exe-2492.log
2015-03-02 20:18 - 2015-03-02 20:18 - 00000197 _____ () C:\Windows\system32\2015-03-03-01-18-00.020-AvastVBoxSVC.exe-2608.log
2015-03-01 18:00 - 2015-03-01 18:00 - 00000197 _____ () C:\Windows\system32\2015-03-01-23-00-09.094-AvastVBoxSVC.exe-1792.log
2015-03-01 04:35 - 2015-03-01 04:36 - 00000000 ____D () C:\Users\Mike\Documents\Heroes of the Storm
2015-02-28 13:51 - 2015-02-28 13:51 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-51-33.092-AvastVBoxSVC.exe-2584.log
2015-02-28 01:09 - 2015-02-28 01:09 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-28 01:09 - 2015-02-28 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-28 01:05 - 2015-03-02 01:06 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-27 22:29 - 2015-02-27 22:29 - 00000197 _____ () C:\Windows\system32\2015-02-28-03-29-42.036-AvastVBoxSVC.exe-2612.log
2015-02-26 20:57 - 2015-02-26 20:57 - 00000197 _____ () C:\Windows\system32\2015-02-27-01-57-20.044-AvastVBoxSVC.exe-2900.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 21:56 - 2014-08-14 20:51 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TS3Client
2015-03-28 21:51 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 21:51 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 21:50 - 2014-03-14 07:26 - 02024280 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 21:45 - 2014-03-16 22:49 - 00000124 _____ () C:\HaxLogs.log
2015-03-28 21:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 21:45 - 2009-07-13 23:51 - 00091142 _____ () C:\Windows\setupact.log
2015-03-28 01:47 - 2014-03-16 03:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-27 22:57 - 2014-03-18 04:01 - 00180422 _____ () C:\Windows\PFRO.log
2015-03-27 22:56 - 2014-03-27 01:25 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Dropbox
2015-03-27 22:02 - 2014-03-18 01:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-27 03:25 - 2015-02-01 03:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Kodi
2015-03-27 01:02 - 2014-03-14 12:16 - 00000000 ____D () C:\Users\Mike\AppData\Local\Battle.net
2015-03-26 22:23 - 2014-03-14 12:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-26 22:18 - 2014-03-14 12:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-03-26 22:17 - 2014-03-14 12:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-23 00:34 - 2014-03-21 23:33 - 00000000 ____D () C:\Users\Mike\Documents\My Games
2015-03-22 11:35 - 2014-03-14 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 11:35 - 2009-07-14 00:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 00:52 - 2014-03-14 15:01 - 00000000 ____D () C:\Windows\Minidump
2015-03-22 00:35 - 2014-07-11 20:12 - 00000857 _____ () C:\Users\Mike\Desktop\Sweet Home 3D.lnk
2015-03-22 00:35 - 2014-07-11 20:12 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2015-03-18 20:12 - 2014-03-14 11:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 20:12 - 2014-03-14 11:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 20:11 - 2014-09-26 23:50 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2015-03-17 20:22 - 2009-07-14 00:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 00:38 - 2014-06-14 22:47 - 00000222 _____ () C:\Users\Mike\Desktop\Chivalry Medieval Warfare.url
2015-03-15 00:22 - 2014-06-15 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-13 22:10 - 2014-05-16 23:04 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-01 04:36 - 2014-03-14 12:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

==================== Files in the root of some directories =======

2014-09-27 02:33 - 2015-02-05 21:18 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-14 10:41 - 2014-03-14 10:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_jtdw.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 20:27

==================== End Of Log ============================



#6 nasdaq

  • Malware Response Team

Posted 29 March 2015 - 08:32 AM

I uninstalled Dropbox and noticed that a dll in \Temp is still being created after each boot with different suffix, but always starting with "dropbox_sqlite_ext."


We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.

  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#7 IAmAUser

  • Topic Starter

Posted 29 March 2015 - 02:08 PM

Note: aswMBR had a message box that said my CPU supported virtualization and that I could use it for rootkit detection. I clicked yes.

 

-TDSSKiller log-

 

13:29:09.0027 0x1194  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:29:13.0856 0x1194  ============================================================
13:29:13.0856 0x1194  Current date / time: 2015/03/29 13:29:13.0856
13:29:13.0856 0x1194  SystemInfo:
13:29:13.0856 0x1194  
13:29:13.0856 0x1194  OS Version: 6.1.7601 ServicePack: 1.0
13:29:13.0856 0x1194  Product type: Workstation
13:29:13.0856 0x1194  ComputerName: MIKE-PC
13:29:13.0857 0x1194  UserName: Mike
13:29:13.0857 0x1194  Windows directory: C:\Windows
13:29:13.0857 0x1194  System windows directory: C:\Windows
13:29:13.0857 0x1194  Running under WOW64
13:29:13.0857 0x1194  Processor architecture: Intel x64
13:29:13.0857 0x1194  Number of processors: 4
13:29:13.0857 0x1194  Page size: 0x1000
13:29:13.0857 0x1194  Boot type: Normal boot
13:29:13.0857 0x1194  ============================================================
13:29:15.0987 0x1194  KLMD registered as C:\Windows\system32\drivers\04297747.sys
13:29:16.0137 0x1194  System UUID: {D343C4E7-B57A-49DC-9C86-91404ACF4609}
13:29:16.0486 0x1194  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:29:16.0493 0x1194  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:29:16.0505 0x1194  ============================================================
13:29:16.0505 0x1194  \Device\Harddisk0\DR0:
13:29:16.0505 0x1194  MBR partitions:
13:29:16.0505 0x1194  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
13:29:16.0505 0x1194  \Device\Harddisk1\DR1:
13:29:16.0506 0x1194  MBR partitions:
13:29:16.0506 0x1194  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:29:16.0506 0x1194  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:29:16.0506 0x1194  ============================================================
13:29:16.0527 0x1194  C: <-> \Device\Harddisk1\DR1\Partition2
13:29:16.0529 0x1194  D: <-> \Device\Harddisk0\DR0\Partition1
13:29:16.0529 0x1194  ============================================================
13:29:16.0529 0x1194  Initialize success
13:29:16.0529 0x1194  ============================================================
13:29:27.0894 0x08f0  ============================================================
13:29:27.0894 0x08f0  Scan started
13:29:27.0894 0x08f0  Mode: Manual;
13:29:27.0894 0x08f0  ============================================================
13:29:27.0894 0x08f0  KSN ping started
13:29:30.0755 0x08f0  KSN ping finished: true
13:29:31.0624 0x08f0  ================ Scan system memory ========================
13:29:31.0624 0x08f0  System memory - ok
13:29:31.0624 0x08f0  ================ Scan services =============================
13:29:36.0594 0x08f0  HidBatt - ok
13:29:36.0608 0x08f0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:29:36.0609 0x08f0  HidBth - ok
13:29:36.0632 0x08f0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:29:36.0633 0x08f0  HidIr - ok
13:29:36.0654 0x08f0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:29:36.0656 0x08f0  hidserv - ok
13:29:36.0700 0x08f0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:29:36.0701 0x08f0  HidUsb - ok
13:29:36.0727 0x08f0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:29:36.0730 0x08f0  hkmsvc - ok
13:29:36.0767 0x08f0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:29:36.0772 0x08f0  HomeGroupListener - ok
13:29:36.0808 0x08f0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:29:36.0813 0x08f0  HomeGroupProvider - ok
13:29:36.0847 0x08f0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:29:36.0849 0x08f0  HpSAMD - ok
13:29:36.0867 0x08f0  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:29:36.0868 0x08f0  HTCAND64 - ok
13:29:36.0902 0x08f0  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
13:29:36.0903 0x08f0  htcnprot - ok
13:29:36.0946 0x08f0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:29:36.0963 0x08f0  HTTP - ok
13:29:37.0006 0x08f0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:29:37.0007 0x08f0  hwpolicy - ok
13:29:37.0043 0x08f0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:29:37.0046 0x08f0  i8042prt - ok
13:29:37.0087 0x08f0  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
13:29:37.0094 0x08f0  iaStorA - ok
13:29:37.0167 0x08f0  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:29:37.0168 0x08f0  IAStorDataMgrSvc - ok
13:29:37.0178 0x08f0  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
13:29:37.0179 0x08f0  iaStorF - ok
13:29:37.0224 0x08f0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:29:37.0230 0x08f0  iaStorV - ok
13:29:37.0307 0x08f0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:29:37.0332 0x08f0  idsvc - ok
13:29:37.0426 0x08f0  [ 16D939A13CFB82DEE0B9DB12E45C7B4E, D09C57DE3EF7F6BEDD354FEEDB46260FDCF9F9A0F2D096FFD518509AD041AAC5 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:29:37.0471 0x08f0  igfx - ok
13:29:37.0494 0x08f0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:29:37.0495 0x08f0  iirsp - ok
13:29:37.0544 0x08f0  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:29:37.0569 0x08f0  IKEEXT - ok
13:29:37.0666 0x08f0  [ 517869DB2BC6058D250A2963AE32B2D4, 155452DCBA19ABDF8ED72286E9AC43947A06F08C1BD044F88A870F3465981B79 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:29:37.0706 0x08f0  IntcAzAudAddService - ok
13:29:37.0739 0x08f0  [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:29:37.0745 0x08f0  IntcDAud - ok
13:29:37.0785 0x08f0  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:29:37.0798 0x08f0  Intel® Capability Licensing Service Interface - ok
13:29:37.0833 0x08f0  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:29:37.0849 0x08f0  Intel® Capability Licensing Service TCP IP Interface - ok
13:29:37.0872 0x08f0  [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
13:29:37.0875 0x08f0  Intel® PROSet Monitoring Service - ok
13:29:37.0917 0x08f0  [ C63CE58E9FAC897A53DC3EE9580DE307, C112C2E351A1A6191AC074C8CF14C311E1619ADB661B3BCCFE97826ECBB8AAEE ] IntelHaxm       C:\Windows\system32\DRIVERS\IntelHaxm.sys
13:29:37.0918 0x08f0  IntelHaxm - ok
13:29:37.0956 0x08f0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:29:37.0957 0x08f0  intelide - ok
13:29:37.0975 0x08f0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:29:37.0976 0x08f0  intelppm - ok
13:29:38.0006 0x08f0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:29:38.0009 0x08f0  IPBusEnum - ok
13:29:38.0036 0x08f0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:38.0037 0x08f0  IpFilterDriver - ok
13:29:38.0095 0x08f0  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:29:38.0104 0x08f0  iphlpsvc - ok
13:29:38.0132 0x08f0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:29:38.0134 0x08f0  IPMIDRV - ok
13:29:38.0150 0x08f0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:29:38.0152 0x08f0  IPNAT - ok
13:29:38.0260 0x08f0  [ 944A6D2E1D971806EFFE4BBABF0DBDC7, 394FC1137D2F5CAE0076229EBFEA940584A15AE4D382006507292A94441AF442 ] IpOverUsbSvc    C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
13:29:38.0261 0x08f0  IpOverUsbSvc - ok
13:29:38.0282 0x08f0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:29:38.0282 0x08f0  IRENUM - ok
13:29:38.0326 0x08f0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:29:38.0327 0x08f0  isapnp - ok
13:29:38.0353 0x08f0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:29:38.0358 0x08f0  iScsiPrt - ok
13:29:38.0384 0x08f0  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
13:29:38.0385 0x08f0  iusb3hcs - ok
13:29:38.0419 0x08f0  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
13:29:38.0423 0x08f0  iusb3hub - ok
13:29:38.0465 0x08f0  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:29:38.0474 0x08f0  iusb3xhc - ok
13:29:38.0562 0x08f0  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
13:29:38.0564 0x08f0  jhi_service - ok
13:29:38.0591 0x08f0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:29:38.0592 0x08f0  kbdclass - ok
13:29:38.0624 0x08f0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:29:38.0626 0x08f0  kbdhid - ok
13:29:38.0643 0x08f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
13:29:38.0644 0x08f0  KeyIso - ok
13:29:38.0668 0x08f0  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:29:38.0670 0x08f0  KSecDD - ok
13:29:38.0678 0x08f0  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:29:38.0681 0x08f0  KSecPkg - ok
13:29:38.0707 0x08f0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:29:38.0708 0x08f0  ksthunk - ok
13:29:38.0734 0x08f0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:29:38.0741 0x08f0  KtmRm - ok
13:29:38.0779 0x08f0  [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
13:29:38.0786 0x08f0  LADF_CaptureOnly - ok
13:29:38.0803 0x08f0  [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
13:29:38.0805 0x08f0  LADF_RenderOnly - ok
13:29:38.0833 0x08f0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:29:38.0839 0x08f0  LanmanServer - ok
13:29:38.0881 0x08f0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:29:38.0885 0x08f0  LanmanWorkstation - ok
13:29:38.0961 0x08f0  [ 1D5C6790425CB6DBB1B3C2722C34E199, D8BCC31A443B77711A7CA468E754A73137C1CC47D6F3DA5BEE3735B654327B0C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:29:38.0966 0x08f0  LBTServ - ok
13:29:39.0008 0x08f0  [ 5EA1731968F2FD0E950DDCE6D36C5134, 16C47AA60CB62F206DBF3B4FAF99FCA667E7193178D1B7ECB162FA87C008BAA3 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
13:29:39.0009 0x08f0  LEqdUsb - ok
13:29:39.0036 0x08f0  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
13:29:39.0037 0x08f0  LGBusEnum - ok
13:29:39.0064 0x08f0  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
13:29:39.0065 0x08f0  LGVirHid - ok
13:29:39.0095 0x08f0  [ 50AC0930F05DFB996F085B49E112E5C9, C5147E92656506981705AFCAA97B7BDAD0929FF39C1666E774BE1BD32FB08387 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
13:29:39.0095 0x08f0  LHidEqd - ok
13:29:39.0104 0x08f0  [ 96EB043E2843B5A87A486D0BC6921094, 0B339A18B2F536F12B2C1B4FEDEB3A815DC7F8E7B082144EE084B3E6ED067FBC ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:29:39.0105 0x08f0  LHidFilt - ok
13:29:39.0125 0x08f0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:29:39.0127 0x08f0  lltdio - ok
13:29:39.0151 0x08f0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:29:39.0157 0x08f0  lltdsvc - ok
13:29:39.0173 0x08f0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:29:39.0175 0x08f0  lmhosts - ok
13:29:39.0193 0x08f0  [ A5C1DA229B3B660BBF3BDC30ADBFBB61, B657092424C6BF418A6FA56353370C195D9CA67999B355E8EDD6AFCFD9FEF8E5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:29:39.0194 0x08f0  LMouFilt - ok
13:29:39.0237 0x08f0  [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:29:39.0242 0x08f0  LMS - ok
13:29:39.0275 0x08f0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:29:39.0277 0x08f0  LSI_FC - ok
13:29:39.0289 0x08f0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:29:39.0291 0x08f0  LSI_SAS - ok
13:29:39.0303 0x08f0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:29:39.0305 0x08f0  LSI_SAS2 - ok
13:29:39.0319 0x08f0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:29:39.0321 0x08f0  LSI_SCSI - ok
13:29:39.0339 0x08f0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:29:39.0341 0x08f0  luafv - ok
13:29:39.0380 0x08f0  [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:29:39.0381 0x08f0  MBAMProtector - ok
13:29:39.0449 0x08f0  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
13:29:39.0460 0x08f0  MBAMService - ok
13:29:39.0497 0x08f0  [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:29:39.0499 0x08f0  MBAMWebAccessControl - ok
13:29:39.0523 0x08f0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:29:39.0527 0x08f0  Mcx2Svc - ok
13:29:39.0540 0x08f0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:29:39.0541 0x08f0  megasas - ok
13:29:39.0575 0x08f0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:29:39.0580 0x08f0  MegaSR - ok
13:29:39.0603 0x08f0  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
13:29:39.0605 0x08f0  MEIx64 - ok
13:29:39.0627 0x08f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:29:39.0630 0x08f0  MMCSS - ok
13:29:39.0641 0x08f0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:29:39.0642 0x08f0  Modem - ok
13:29:39.0655 0x08f0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:29:39.0655 0x08f0  monitor - ok
13:29:39.0696 0x08f0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:29:39.0697 0x08f0  mouclass - ok
13:29:39.0723 0x08f0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:29:39.0724 0x08f0  mouhid - ok
13:29:39.0758 0x08f0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:29:39.0760 0x08f0  mountmgr - ok
13:29:39.0796 0x08f0  [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:29:39.0799 0x08f0  MozillaMaintenance - ok
13:29:39.0823 0x08f0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:29:39.0826 0x08f0  mpio - ok
13:29:39.0859 0x08f0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:29:39.0861 0x08f0  mpsdrv - ok
13:29:39.0911 0x08f0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:29:39.0936 0x08f0  MpsSvc - ok
13:29:39.0966 0x08f0  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:29:39.0969 0x08f0  MRxDAV - ok
13:29:39.0984 0x08f0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:39.0986 0x08f0  mrxsmb - ok
13:29:40.0000 0x08f0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:40.0004 0x08f0  mrxsmb10 - ok
13:29:40.0025 0x08f0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:40.0028 0x08f0  mrxsmb20 - ok
13:29:40.0056 0x08f0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:29:40.0056 0x08f0  msahci - ok
13:29:40.0087 0x08f0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:29:40.0089 0x08f0  msdsm - ok
13:29:40.0101 0x08f0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:29:40.0105 0x08f0  MSDTC - ok
13:29:40.0135 0x08f0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:29:40.0136 0x08f0  Msfs - ok
13:29:40.0158 0x08f0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:29:40.0159 0x08f0  mshidkmdf - ok
13:29:40.0161 0x08f0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:29:40.0161 0x08f0  msisadrv - ok
13:29:40.0187 0x08f0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:29:40.0191 0x08f0  MSiSCSI - ok
13:29:40.0193 0x08f0  msiserver - ok
13:29:40.0217 0x08f0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:29:40.0218 0x08f0  MSKSSRV - ok
13:29:40.0245 0x08f0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:40.0246 0x08f0  MSPCLOCK - ok
13:29:40.0258 0x08f0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:29:40.0258 0x08f0  MSPQM - ok
13:29:40.0295 0x08f0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:29:40.0302 0x08f0  MsRPC - ok
13:29:40.0346 0x08f0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:29:40.0346 0x08f0  mssmbios - ok
13:29:40.0358 0x08f0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:29:40.0359 0x08f0  MSTEE - ok
13:29:40.0373 0x08f0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:29:40.0374 0x08f0  MTConfig - ok
13:29:40.0396 0x08f0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:29:40.0397 0x08f0  Mup - ok
13:29:40.0423 0x08f0  [ E99B9E4DEFCEE9BCED670BAA302C09A0, E77340F720FEE2F5F891AAB7E2C5959F137ACF460490EAAD75EC72EA847E3AEC ] mvs91xx         C:\Windows\system32\DRIVERS\mvs91xx.sys
13:29:40.0428 0x08f0  mvs91xx - ok
13:29:40.0468 0x08f0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:29:40.0476 0x08f0  napagent - ok
13:29:40.0499 0x08f0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:29:40.0504 0x08f0  NativeWifiP - ok
13:29:40.0559 0x08f0  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:29:40.0584 0x08f0  NDIS - ok
13:29:40.0609 0x08f0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:29:40.0610 0x08f0  NdisCap - ok
13:29:40.0629 0x08f0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:40.0630 0x08f0  NdisTapi - ok
13:29:40.0649 0x08f0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:40.0659 0x08f0  Ndisuio - ok
13:29:40.0688 0x08f0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:40.0705 0x08f0  NdisWan - ok
13:29:40.0758 0x08f0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:29:40.0787 0x08f0  NDProxy - ok
13:29:40.0794 0x08f0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:29:40.0796 0x08f0  NetBIOS - ok
13:29:40.0833 0x08f0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:29:40.0838 0x08f0  NetBT - ok
13:29:40.0842 0x08f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
13:29:40.0844 0x08f0  Netlogon - ok
13:29:40.0879 0x08f0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:29:40.0886 0x08f0  Netman - ok
13:29:40.0967 0x08f0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:29:40.0978 0x08f0  NetMsmqActivator - ok
13:29:40.0981 0x08f0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:29:40.0984 0x08f0  NetPipeActivator - ok
13:29:41.0001 0x08f0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:29:41.0009 0x08f0  netprofm - ok
13:29:41.0012 0x08f0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:29:41.0014 0x08f0  NetTcpActivator - ok
13:29:41.0017 0x08f0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:29:41.0019 0x08f0  NetTcpPortSharing - ok
13:29:41.0042 0x08f0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:29:41.0044 0x08f0  nfrd960 - ok
13:29:41.0077 0x08f0  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:29:41.0083 0x08f0  NlaSvc - ok
13:29:41.0095 0x08f0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:29:41.0096 0x08f0  Npfs - ok
13:29:41.0107 0x08f0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:29:41.0109 0x08f0  nsi - ok
13:29:41.0113 0x08f0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:29:41.0114 0x08f0  nsiproxy - ok
13:29:41.0161 0x08f0  [ A2F74975097F52A00745F9637451FDD8, C681DDBD3382C477C2A030E828B5CFB529CB57C7847BD9AFF25E2A5E58B2DAF3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:29:41.0195 0x08f0  Ntfs - ok
13:29:41.0206 0x08f0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:29:41.0207 0x08f0  Null - ok
13:29:41.0233 0x08f0  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
13:29:41.0235 0x08f0  NVHDA - ok
13:29:41.0458 0x08f0  [ 7F58A8A5F208557F1FF8D7F45D5811DB, D9999DAD9BBBC907C8633AD08D90E40D861E9941A74CCF3C6183C9E220FEA0E9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:29:41.0572 0x08f0  nvlddmkm - ok
13:29:41.0596 0x08f0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:29:41.0599 0x08f0  nvraid - ok
13:29:41.0632 0x08f0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:29:41.0635 0x08f0  nvstor - ok
13:29:41.0701 0x08f0  [ 806069C408AE736E2182D2FF6C2FA8EE, 9C2D2309C4F4135772C53C10C7442BCA362657B062177B20C2F00DC2137E8362 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:29:41.0725 0x08f0  nvsvc - ok
13:29:41.0763 0x08f0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:29:41.0765 0x08f0  nv_agp - ok
13:29:41.0795 0x08f0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:29:41.0796 0x08f0  ohci1394 - ok
13:29:41.0819 0x08f0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:29:41.0825 0x08f0  p2pimsvc - ok
13:29:41.0850 0x08f0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:29:41.0858 0x08f0  p2psvc - ok
13:29:41.0883 0x08f0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:29:41.0885 0x08f0  Parport - ok
13:29:41.0907 0x08f0  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:29:41.0909 0x08f0  partmgr - ok
13:29:41.0951 0x08f0  [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:29:41.0953 0x08f0  PassThru Service - ok
13:29:41.0968 0x08f0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:29:41.0973 0x08f0  PcaSvc - ok
13:29:41.0985 0x08f0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:29:41.0988 0x08f0  pci - ok
13:29:42.0027 0x08f0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:29:42.0028 0x08f0  pciide - ok
13:29:42.0042 0x08f0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:29:42.0045 0x08f0  pcmcia - ok
13:29:42.0058 0x08f0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:29:42.0059 0x08f0  pcw - ok
13:29:42.0081 0x08f0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:29:42.0093 0x08f0  PEAUTH - ok
13:29:42.0127 0x08f0  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:29:42.0160 0x08f0  PeerDistSvc - ok
13:29:42.0221 0x08f0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:29:42.0223 0x08f0  PerfHost - ok
13:29:42.0273 0x08f0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:29:42.0307 0x08f0  pla - ok
13:29:42.0353 0x08f0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:29:42.0360 0x08f0  PlugPlay - ok
13:29:42.0377 0x08f0  PnkBstrA - ok
13:29:42.0401 0x08f0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:29:42.0404 0x08f0  PNRPAutoReg - ok
13:29:42.0419 0x08f0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:29:42.0424 0x08f0  PNRPsvc - ok
13:29:42.0470 0x08f0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:29:42.0478 0x08f0  PolicyAgent - ok
13:29:42.0496 0x08f0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:29:42.0500 0x08f0  Power - ok
13:29:42.0541 0x08f0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:29:42.0543 0x08f0  PptpMiniport - ok
13:29:42.0561 0x08f0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:29:42.0562 0x08f0  Processor - ok
13:29:42.0589 0x08f0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:29:42.0594 0x08f0  ProfSvc - ok
13:29:42.0601 0x08f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
13:29:42.0602 0x08f0  ProtectedStorage - ok
13:29:42.0638 0x08f0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:29:42.0639 0x08f0  Psched - ok
13:29:42.0701 0x08f0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:29:42.0735 0x08f0  ql2300 - ok
13:29:42.0748 0x08f0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:29:42.0750 0x08f0  ql40xx - ok
13:29:42.0772 0x08f0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:29:42.0777 0x08f0  QWAVE - ok
13:29:42.0790 0x08f0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:29:42.0791 0x08f0  QWAVEdrv - ok
13:29:42.0802 0x08f0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:29:42.0803 0x08f0  RasAcd - ok
13:29:42.0829 0x08f0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:29:42.0831 0x08f0  RasAgileVpn - ok
13:29:42.0841 0x08f0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:29:42.0844 0x08f0  RasAuto - ok
13:29:42.0875 0x08f0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:42.0877 0x08f0  Rasl2tp - ok
13:29:42.0918 0x08f0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:29:42.0925 0x08f0  RasMan - ok
13:29:42.0957 0x08f0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:42.0958 0x08f0  RasPppoe - ok
13:29:42.0979 0x08f0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:29:42.0980 0x08f0  RasSstp - ok
13:29:42.0993 0x08f0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:29:42.0997 0x08f0  rdbss - ok
13:29:43.0003 0x08f0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:29:43.0004 0x08f0  rdpbus - ok
13:29:43.0023 0x08f0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:43.0025 0x08f0  RDPCDD - ok
13:29:43.0051 0x08f0  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:29:43.0054 0x08f0  RDPDR - ok
13:29:43.0065 0x08f0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:29:43.0066 0x08f0  RDPENCDD - ok
13:29:43.0088 0x08f0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:29:43.0089 0x08f0  RDPREFMP - ok
13:29:43.0120 0x08f0  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:29:43.0121 0x08f0  RdpVideoMiniport - ok
13:29:43.0139 0x08f0  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:29:43.0143 0x08f0  RDPWD - ok
13:29:43.0174 0x08f0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:29:43.0177 0x08f0  rdyboost - ok
13:29:43.0194 0x08f0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:29:43.0197 0x08f0  RemoteAccess - ok
13:29:43.0223 0x08f0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:29:43.0227 0x08f0  RemoteRegistry - ok
13:29:43.0238 0x08f0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:29:43.0241 0x08f0  RpcEptMapper - ok
13:29:43.0257 0x08f0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:29:43.0259 0x08f0  RpcLocator - ok
13:29:43.0295 0x08f0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:29:43.0303 0x08f0  RpcSs - ok
13:29:43.0316 0x08f0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:29:43.0318 0x08f0  rspndr - ok
13:29:43.0343 0x08f0  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:29:43.0344 0x08f0  s3cap - ok
13:29:43.0359 0x08f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
13:29:43.0361 0x08f0  SamSs - ok
13:29:43.0389 0x08f0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:29:43.0391 0x08f0  sbp2port - ok
13:29:43.0424 0x08f0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:29:43.0429 0x08f0  SCardSvr - ok
13:29:43.0459 0x08f0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:29:43.0460 0x08f0  scfilter - ok
13:29:43.0507 0x08f0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:29:43.0533 0x08f0  Schedule - ok
13:29:43.0556 0x08f0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:29:43.0558 0x08f0  SCPolicySvc - ok
13:29:43.0571 0x08f0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:29:43.0575 0x08f0  SDRSVC - ok
13:29:43.0592 0x08f0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:29:43.0593 0x08f0  secdrv - ok
13:29:43.0601 0x08f0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:29:43.0603 0x08f0  seclogon - ok
13:29:43.0618 0x08f0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:29:43.0621 0x08f0  SENS - ok
13:29:43.0635 0x08f0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:29:43.0638 0x08f0  SensrSvc - ok
13:29:43.0651 0x08f0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:29:43.0652 0x08f0  Serenum - ok
13:29:43.0672 0x08f0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:29:43.0674 0x08f0  Serial - ok
13:29:43.0705 0x08f0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:29:43.0706 0x08f0  sermouse - ok
13:29:43.0738 0x08f0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:29:43.0741 0x08f0  SessionEnv - ok
13:29:43.0767 0x08f0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:29:43.0768 0x08f0  sffdisk - ok
13:29:43.0776 0x08f0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:29:43.0777 0x08f0  sffp_mmc - ok
13:29:43.0779 0x08f0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:29:43.0780 0x08f0  sffp_sd - ok
13:29:43.0790 0x08f0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:29:43.0791 0x08f0  sfloppy - ok
13:29:43.0823 0x08f0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:29:43.0830 0x08f0  SharedAccess - ok
13:29:43.0866 0x08f0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:29:43.0874 0x08f0  ShellHWDetection - ok
13:29:43.0894 0x08f0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:29:43.0895 0x08f0  SiSRaid2 - ok
13:29:43.0914 0x08f0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:29:43.0916 0x08f0  SiSRaid4 - ok
13:29:43.0942 0x08f0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:29:43.0944 0x08f0  Smb - ok
13:29:43.0963 0x08f0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:29:43.0965 0x08f0  SNMPTRAP - ok
13:29:43.0972 0x08f0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:29:43.0973 0x08f0  spldr - ok
13:29:44.0015 0x08f0  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
13:29:44.0024 0x08f0  Spooler - ok
13:29:44.0118 0x08f0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:29:44.0194 0x08f0  sppsvc - ok
13:29:44.0206 0x08f0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:29:44.0209 0x08f0  sppuinotify - ok
13:29:44.0288 0x08f0  [ 055B0DE7BCDB14FB18279F09DCA07954, 94944F996F2F73233A96F8E766606EA5CCC7142EA2AF4BCEFD2603578F2B4A4A ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:29:44.0289 0x08f0  SQLWriter - ok
13:29:44.0321 0x08f0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:29:44.0327 0x08f0  srv - ok
13:29:44.0338 0x08f0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:29:44.0344 0x08f0  srv2 - ok
13:29:44.0352 0x08f0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:29:44.0355 0x08f0  srvnet - ok
13:29:44.0383 0x08f0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:29:44.0388 0x08f0  SSDPSRV - ok
13:29:44.0400 0x08f0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:29:44.0404 0x08f0  SstpSvc - ok
13:29:44.0434 0x08f0  [ 475031E4C054C11828A9AE3288C3B327, B75ECAD6D4003E83E73E7F211130900B5B82D48563368F01D091E8FD035DDD69 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
13:29:44.0437 0x08f0  ssudmdm - ok
13:29:44.0493 0x08f0  [ 25C16F7D749F1BA7D573756338658727, 4A4056F34C0D34D793E0A24D37842F8122A5C072F9A2ED9192763FB0CC8FDADC ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:29:44.0520 0x08f0  Steam Client Service - ok
13:29:44.0551 0x08f0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:29:44.0552 0x08f0  stexstor - ok
13:29:44.0588 0x08f0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:29:44.0602 0x08f0  stisvc - ok
13:29:44.0633 0x08f0  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:29:44.0634 0x08f0  storflt - ok
13:29:44.0665 0x08f0  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:29:44.0666 0x08f0  storvsc - ok
13:29:44.0694 0x08f0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:29:44.0695 0x08f0  swenum - ok
13:29:44.0784 0x08f0  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:29:44.0790 0x08f0  SwitchBoard - ok
13:29:44.0816 0x08f0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:29:44.0825 0x08f0  swprv - ok
13:29:44.0906 0x08f0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:29:44.0948 0x08f0  SysMain - ok
13:29:44.0984 0x08f0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:29:44.0988 0x08f0  TabletInputService - ok
13:29:45.0018 0x08f0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:29:45.0024 0x08f0  TapiSrv - ok
13:29:45.0040 0x08f0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:29:45.0043 0x08f0  TBS - ok
13:29:45.0103 0x08f0  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:29:45.0145 0x08f0  Tcpip - ok
13:29:45.0196 0x08f0  [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:29:45.0218 0x08f0  TCPIP6 - ok
13:29:45.0245 0x08f0  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:29:45.0247 0x08f0  tcpipreg - ok
13:29:45.0265 0x08f0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:29:45.0266 0x08f0  TDPIPE - ok
13:29:45.0288 0x08f0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:29:45.0289 0x08f0  TDTCP - ok
13:29:45.0327 0x08f0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:29:45.0329 0x08f0  tdx - ok
13:29:45.0416 0x08f0  [ 950AD1AE7498A492126FB9F9B2E27DB5, C4C9A972015F567FC87A4094C86835B2DD3476426AB8B40CD4872A725CA89CFC ] Te.Service      C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
13:29:45.0418 0x08f0  Te.Service - ok
13:29:45.0457 0x08f0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:29:45.0459 0x08f0  TermDD - ok
13:29:45.0504 0x08f0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
13:29:45.0519 0x08f0  TermService - ok
13:29:45.0552 0x08f0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:29:45.0555 0x08f0  Themes - ok
13:29:45.0568 0x08f0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:29:45.0570 0x08f0  THREADORDER - ok
13:29:45.0580 0x08f0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:29:45.0584 0x08f0  TrkWks - ok
13:29:45.0640 0x08f0  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
13:29:45.0642 0x08f0  TrueSight - ok
13:29:45.0684 0x08f0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:29:45.0686 0x08f0  TrustedInstaller - ok
13:29:45.0712 0x08f0  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:29:45.0713 0x08f0  tssecsrv - ok
13:29:45.0739 0x08f0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:29:45.0741 0x08f0  TsUsbFlt - ok
13:29:45.0765 0x08f0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:29:45.0767 0x08f0  tunnel - ok
13:29:45.0794 0x08f0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:29:45.0825 0x08f0  uagp35 - ok
13:29:45.0856 0x08f0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:29:45.0861 0x08f0  udfs - ok
13:29:45.0885 0x08f0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:29:45.0888 0x08f0  UI0Detect - ok
13:29:45.0924 0x08f0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:29:45.0926 0x08f0  uliagpkx - ok
13:29:45.0955 0x08f0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
13:29:45.0956 0x08f0  umbus - ok
13:29:45.0970 0x08f0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:29:45.0971 0x08f0  UmPass - ok
13:29:46.0000 0x08f0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:29:46.0005 0x08f0  UmRdpService - ok
13:29:46.0024 0x08f0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:29:46.0031 0x08f0  upnphost - ok
13:29:46.0070 0x08f0  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:29:46.0072 0x08f0  usbaudio - ok
13:29:46.0106 0x08f0  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:29:46.0108 0x08f0  usbccgp - ok
13:29:46.0138 0x08f0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:29:46.0140 0x08f0  usbcir - ok
13:29:46.0162 0x08f0  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:29:46.0163 0x08f0  usbehci - ok
13:29:46.0181 0x08f0  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:29:46.0186 0x08f0  usbhub - ok
13:29:46.0207 0x08f0  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:29:46.0208 0x08f0  usbohci - ok
13:29:46.0216 0x08f0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:29:46.0217 0x08f0  usbprint - ok
13:29:46.0227 0x08f0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:29:46.0229 0x08f0  USBSTOR - ok
13:29:46.0241 0x08f0  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:29:46.0242 0x08f0  usbuhci - ok
13:29:46.0288 0x08f0  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:29:46.0291 0x08f0  usbvideo - ok
13:29:46.0313 0x08f0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:29:46.0316 0x08f0  UxSms - ok
13:29:46.0325 0x08f0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
13:29:46.0327 0x08f0  VaultSvc - ok
13:29:46.0386 0x08f0  [ 1352B215BDC5807A5641E7C143796DD7, B54F95307253BB81E4CEE4F2033782210652364DE6A1E833B27ECE7E04A2BD51 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
13:29:46.0389 0x08f0  VBoxAswDrv - ok
13:29:46.0415 0x08f0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:29:46.0416 0x08f0  vdrvroot - ok
13:29:48.0213 0x08f0  ================ Scan global ===============================
13:29:48.0232 0x08f0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:29:48.0257 0x08f0  [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\Windows\system32\winsrv.dll
13:29:48.0267 0x08f0  [ 9E479C2B605C25DA4971ABA36250FAEF, 1D1D5CE908A6B17CDFA257A46121D7C938B56277B0F5256FBA29DF93352EAA3D ] C:\Windows\system32\winsrv.dll
13:29:48.0294 0x08f0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:29:48.0319 0x08f0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:29:48.0325 0x08f0  [ Global ] - ok
13:29:48.0325 0x08f0  ================ Scan MBR ==================================
13:29:48.0326 0x08f0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:29:48.0559 0x08f0  \Device\Harddisk0\DR0 - ok
13:29:48.0567 0x08f0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:29:48.0655 0x08f0  \Device\Harddisk1\DR1 - ok
13:29:48.0655 0x08f0  ================ Scan VBR ==================================
13:29:48.0656 0x08f0  [ 89E23DA696B6DDE8CE114C410F032398 ] \Device\Harddisk0\DR0\Partition1
13:29:48.0657 0x08f0  \Device\Harddisk0\DR0\Partition1 - ok
13:29:48.0658 0x08f0  [ 7DF9E32E4FFEF5B4539DCAA127D6D128 ] \Device\Harddisk1\DR1\Partition1
13:29:48.0659 0x08f0  \Device\Harddisk1\DR1\Partition1 - ok
13:29:48.0660 0x08f0  [ 6C91FF8F5EA15BF2398B9014E72DCBA3 ] \Device\Harddisk1\DR1\Partition2
13:29:48.0661 0x08f0  \Device\Harddisk1\DR1\Partition2 - ok
13:29:48.0661 0x08f0  ================ Scan generic autorun ======================
13:29:49.0989 0x08f0  Waiting for KSN requests completion. In queue: 67
13:29:50.0989 0x08f0  Waiting for KSN requests completion. In queue: 67
13:29:51.0989 0x08f0  Waiting for KSN requests completion. In queue: 67
13:29:53.0016 0x08f0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
13:29:53.0028 0x08f0  Win FW state via NFP2: enabled
13:29:58.0857 0x08f0  ============================================================
13:29:58.0857 0x08f0  Scan finished
13:29:58.0857 0x08f0  ============================================================
13:29:58.0862 0x0b60  Detected object count: 0
13:29:58.0862 0x0b60  Actual detected object count: 0

-aswMBR.txt-

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-29 13:31:46
-----------------------------
13:31:46.679    OS Version: Windows x64 6.1.7601 Service Pack 1
13:31:46.679    Number of processors: 4 586 0x3C03
13:31:46.680    ComputerName: MIKE-PC  UserName: Mike
13:31:47.704    Initialize success
13:31:47.706    VM: initialized successfully
13:31:47.707    VM: Intel CPU supported
13:31:58.801    VM: disk I/O iaStorA.sys
13:32:01.567    AVAST engine defs: 15032901
13:32:10.566    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000006c
13:32:10.568    Disk 0 Vendor: WDC_____ 01.0 Size: 476940MB BusType: 11
13:32:10.570    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006d
13:32:10.572    Disk 1 Vendor: WDC_____ 19.0 Size: 476940MB BusType: 11
13:32:10.667    Disk 1 MBR read successfully
13:32:10.670    Disk 1 MBR scan
13:32:10.672    Disk 1 Windows 7 default MBR code
13:32:10.675    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:32:10.678    Disk 1 default boot code
13:32:10.681    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
13:32:11.021    Disk 1 scanning C:\Windows\system32\drivers
13:32:18.330    Service scanning
13:32:32.564    Modules scanning
13:32:32.568    Disk 1 trace - called modules:
13:32:32.583    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
13:32:32.587    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa801279c060]
13:32:32.590    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa801253cc50]
13:32:32.594    5 iaStorF.sys[fffff88001a2ba84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa80114506d0]
13:32:33.277    AVAST engine scan C:\Windows
13:32:34.694    AVAST engine scan C:\Windows\system32
13:35:02.545    AVAST engine scan C:\Windows\system32\drivers
13:35:12.077    AVAST engine scan C:\Users\Mike
13:59:00.010    AVAST engine scan C:\ProgramData
14:01:04.841    Disk 1 statistics 6324732/0/0 @ 2.06 MB/s
14:01:04.857    Scan finished successfully
14:03:32.339    Disk 1 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
14:03:32.339    The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:48 PM

Posted 30 March 2015 - 07:28 AM

Download and run this Malwarebytes Anti-Rootkit from this site:

https://www.malwarebytes.org/antirootkit/

Post a fresh FRST log after having restarted the computer.

#9 IAmAUser

IAmAUser
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:48 PM

Posted 30 March 2015 - 09:36 PM

mbar didn't find anything.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mike (administrator) on MIKE-PC on 30-03-2015 21:18:14
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available profiles: Mike)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Mike\Documents\MyClock.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {53d69379-5c83-11e4-ad7c-74d43581fc70} - F:\StartClickFreeBackup.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {774546c2-063a-11e4-a136-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {78ef1c5a-92f0-11e4-a4f4-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {8c1cc26f-ab82-11e3-8f0c-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7300-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2267689825-1851815236-125278167-1000\...\MountPoints2: {ac8d7324-b2ea-11e4-ac86-74d43581fc70} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyClock.exe.lnk
ShortcutTarget: MyClock.exe.lnk -> C:\Users\Mike\Documents\MyClock.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2267689825-1851815236-125278167-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\r7w2ht4z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-07] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-31] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-30] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-22] (Emsisoft GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [89072 2013-03-21] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 21:01 - 2015-03-30 21:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-30 21:00 - 2015-03-30 21:11 - 00000000 ____D () C:\Users\Mike\Desktop\mbar
2015-03-30 21:00 - 2015-03-30 21:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mike\Desktop\mbar-1.09.1.1004.exe
2015-03-30 20:27 - 2015-03-30 20:28 - 00000197 _____ () C:\Windows\system32\2015-03-31-01-27-52.091-AvastVBoxSVC.exe-1620.log
2015-03-29 14:03 - 2015-03-29 14:03 - 00002264 _____ () C:\Users\Mike\Desktop\aswMBR.txt
2015-03-29 14:03 - 2015-03-29 14:03 - 00000512 _____ () C:\Users\Mike\Desktop\MBR.dat
2015-03-29 13:31 - 2015-03-29 13:31 - 05198336 _____ (AVAST Software) C:\Users\Mike\Desktop\aswMBR.exe
2015-03-29 13:28 - 2015-03-29 13:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Desktop\tdsskiller.exe
2015-03-29 13:20 - 2015-03-29 13:21 - 00000197 _____ () C:\Windows\system32\2015-03-29-18-20-45.077-AvastVBoxSVC.exe-2624.log
2015-03-28 21:46 - 2015-03-28 21:46 - 00000197 _____ () C:\Windows\system32\2015-03-29-02-46-16.035-AvastVBoxSVC.exe-3008.log
2015-03-27 23:23 - 2015-03-27 23:23 - 00000197 _____ () C:\Windows\system32\2015-03-28-04-23-08.056-AvastVBoxSVC.exe-2764.log
2015-03-27 23:00 - 2015-03-27 23:00 - 00000197 _____ () C:\Windows\system32\2015-03-28-04-00-13.054-AvastVBoxSVC.exe-2960.log
2015-03-27 22:47 - 2015-03-27 22:47 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-47-32.081-AvastVBoxSVC.exe-2716.log
2015-03-27 22:09 - 2015-03-27 22:09 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-09-26.092-AvastVBoxSVC.exe-3656.log
2015-03-27 22:00 - 2015-03-27 22:01 - 00000197 _____ () C:\Windows\system32\2015-03-28-03-00-40.047-AvastVBoxSVC.exe-2624.log
2015-03-26 20:11 - 2015-03-26 20:11 - 00000197 _____ () C:\Windows\system32\2015-03-27-01-11-30.008-AvastVBoxSVC.exe-2416.log
2015-03-25 19:43 - 2015-03-25 19:43 - 00031703 _____ () C:\Users\Mike\Desktop\Addition.txt
2015-03-25 19:37 - 2015-03-25 19:37 - 00001430 _____ () C:\Users\Mike\Desktop\New Text Document.txt
2015-03-25 19:33 - 2015-03-25 19:33 - 00032607 _____ () C:\Users\Mike\Desktop\aAddition.txt
2015-03-25 19:31 - 2015-03-30 21:18 - 00013721 _____ () C:\Users\Mike\Desktop\FRST.txt
2015-03-25 19:31 - 2015-03-25 19:33 - 00031296 _____ () C:\Users\Mike\Desktop\aFRST.txt
2015-03-25 19:30 - 2015-03-30 21:18 - 00000000 ____D () C:\FRST
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-03-25 19:29 - 2015-03-25 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-26-00-29-41.020-AvastVBoxSVC.exe-3392.log
2015-03-24 20:02 - 2015-03-24 20:02 - 00000197 _____ () C:\Windows\system32\2015-03-25-01-02-12.093-AvastVBoxSVC.exe-2756.log
2015-03-24 03:07 - 2015-03-24 03:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2015-03-23 20:07 - 2015-03-23 20:08 - 00000197 _____ () C:\Windows\system32\2015-03-24-01-07-39.042-AvastVBoxSVC.exe-2552.log
2015-03-23 00:37 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-37-41.067-aswFe.exe-3332.log
2015-03-23 00:35 - 2015-03-23 00:37 - 00000247 _____ () C:\Windows\system32\2015-03-23-05-35-12.016-aswFe.exe-3972.log
2015-03-23 00:35 - 2015-03-23 00:35 - 00000197 _____ () C:\Windows\system32\2015-03-23-05-35-06.034-AvastVBoxSVC.exe-4480.log
2015-03-23 00:32 - 2015-03-23 00:32 - 00000222 _____ () C:\Users\Mike\Desktop\FTL Faster Than Light.url
2015-03-22 11:37 - 2015-03-22 11:37 - 00000197 _____ () C:\Windows\system32\2015-03-22-16-37-16.095-AvastVBoxSVC.exe-2816.log
2015-03-22 02:18 - 2015-03-22 02:18 - 00000830 _____ () C:\Users\Mike\Desktop\JRT.txt
2015-03-22 01:27 - 2015-03-22 12:18 - 00000000 ____D () C:\EEK
2015-03-22 01:27 - 2015-03-22 01:27 - 00000743 _____ () C:\Users\Mike\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-22 01:17 - 2015-03-22 01:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-22 01:17 - 2015-03-22 01:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-22 01:14 - 2015-03-22 01:14 - 01388672 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2015-03-22 01:13 - 2015-03-22 01:17 - 10995632 _____ (SurfRight B.V.) C:\Users\Mike\Desktop\HitmanPro_x64.exe
2015-03-22 01:13 - 2015-03-22 01:14 - 164449000 _____ () C:\Users\Mike\Desktop\EmsisoftEmergencyKit.exe
2015-03-22 01:11 - 2015-03-24 03:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-22 01:11 - 2015-03-22 01:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-22 01:10 - 2015-03-22 01:11 - 16660056 _____ () C:\Users\Mike\Desktop\RogueKiller.exe
2015-03-22 00:59 - 2015-03-22 01:01 - 00003624 _____ () C:\Users\Mike\Desktop\Rkill.txt
2015-03-22 00:54 - 2015-03-22 00:54 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-54-47.068-AvastVBoxSVC.exe-2592.log
2015-03-22 00:43 - 2015-03-30 21:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 00:43 - 2015-03-30 21:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 00:43 - 2015-03-22 00:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 00:43 - 2015-03-22 00:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 00:43 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 00:43 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 00:38 - 2015-03-22 00:38 - 00000197 _____ () C:\Windows\system32\2015-03-22-05-38-36.091-AvastVBoxSVC.exe-2520.log
2015-03-22 00:33 - 2015-03-22 00:35 - 00000000 ____D () C:\AdwCleaner
2015-03-22 00:32 - 2015-03-22 00:33 - 02171392 _____ () C:\Users\Mike\Desktop\adwcleaner_4.112.exe
2015-03-22 00:05 - 2015-03-22 00:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 11:41 - 2015-03-21 11:42 - 00000197 _____ () C:\Windows\system32\2015-03-21-16-41-51.078-AvastVBoxSVC.exe-2440.log
2015-03-20 19:29 - 2015-03-20 19:30 - 00000197 _____ () C:\Windows\system32\2015-03-21-00-29-58.054-AvastVBoxSVC.exe-2512.log
2015-03-19 19:40 - 2015-03-19 19:41 - 00000197 _____ () C:\Windows\system32\2015-03-20-00-40-37.088-AvastVBoxSVC.exe-2464.log
2015-03-18 19:47 - 2015-03-18 19:47 - 00000197 _____ () C:\Windows\system32\2015-03-19-00-47-18.037-AvastVBoxSVC.exe-2576.log
2015-03-17 20:19 - 2015-03-17 20:19 - 00000197 _____ () C:\Windows\system32\2015-03-18-01-19-39.003-AvastVBoxSVC.exe-1660.log
2015-03-16 19:53 - 2015-03-16 19:54 - 00000197 _____ () C:\Windows\system32\2015-03-17-00-53-25.030-AvastVBoxSVC.exe-2536.log
2015-03-15 19:00 - 2015-03-15 19:00 - 00000197 _____ () C:\Windows\system32\2015-03-16-00-00-09.080-AvastVBoxSVC.exe-2412.log
2015-03-15 00:09 - 2015-03-15 00:09 - 00000197 _____ () C:\Windows\system32\2015-03-15-05-09-42.002-AvastVBoxSVC.exe-3000.log
2015-03-14 15:52 - 2015-03-14 15:53 - 00000197 _____ () C:\Windows\system32\2015-03-14-20-52-29.025-AvastVBoxSVC.exe-2540.log
2015-03-14 02:09 - 2015-03-14 02:10 - 00000247 _____ () C:\Windows\system32\2015-03-14-07-09-54.071-aswFe.exe-6312.log
2015-03-14 01:31 - 2015-03-14 02:09 - 00000247 _____ () C:\Windows\system32\2015-03-14-06-31-15.048-aswFe.exe-1552.log
2015-03-14 01:31 - 2015-03-14 01:31 - 00000197 _____ () C:\Windows\system32\2015-03-14-06-31-03.080-AvastVBoxSVC.exe-4700.log
2015-03-13 22:09 - 2015-03-13 22:09 - 38885078 _____ () C:\Users\Mike\Downloads\StarCitizenInstaller.exe
2015-03-13 20:54 - 2015-03-13 20:54 - 00000197 _____ () C:\Windows\system32\2015-03-14-01-54-17.040-AvastVBoxSVC.exe-2684.log
2015-03-12 21:28 - 2015-03-12 21:29 - 00000197 _____ () C:\Windows\system32\2015-03-13-02-28-50.089-AvastVBoxSVC.exe-3944.log
2015-03-11 18:32 - 2015-03-11 18:32 - 00000197 _____ () C:\Windows\system32\2015-03-11-23-32-14.021-AvastVBoxSVC.exe-2672.log
2015-03-10 20:03 - 2015-03-10 20:04 - 00000197 _____ () C:\Windows\system32\2015-03-11-01-03-29.073-AvastVBoxSVC.exe-3612.log
2015-03-09 19:51 - 2015-03-09 19:52 - 00000197 _____ () C:\Windows\system32\2015-03-10-00-51-56.045-AvastVBoxSVC.exe-2468.log
2015-03-08 13:57 - 2015-03-08 13:57 - 00000197 _____ () C:\Windows\system32\2015-03-08-18-57-02.088-AvastVBoxSVC.exe-2436.log
2015-03-07 12:22 - 2015-03-07 12:22 - 00000197 _____ () C:\Windows\system32\2015-03-07-17-22-21.062-AvastVBoxSVC.exe-2704.log
2015-03-06 21:11 - 2015-03-06 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-07-02-11-19.012-AvastVBoxSVC.exe-2636.log
2015-03-05 21:10 - 2015-03-05 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-06-02-10-58.061-AvastVBoxSVC.exe-2384.log
2015-03-04 20:50 - 2015-03-04 20:51 - 00000197 _____ () C:\Windows\system32\2015-03-05-01-50-37.095-AvastVBoxSVC.exe-2608.log
2015-03-03 22:12 - 2015-03-03 22:12 - 00000197 _____ () C:\Windows\system32\2015-03-04-03-12-00.047-AvastVBoxSVC.exe-2492.log
2015-03-02 20:18 - 2015-03-02 20:18 - 00000197 _____ () C:\Windows\system32\2015-03-03-01-18-00.020-AvastVBoxSVC.exe-2608.log
2015-03-01 18:00 - 2015-03-01 18:00 - 00000197 _____ () C:\Windows\system32\2015-03-01-23-00-09.094-AvastVBoxSVC.exe-1792.log
2015-03-01 04:35 - 2015-03-01 04:36 - 00000000 ____D () C:\Users\Mike\Documents\Heroes of the Storm
2015-02-28 13:51 - 2015-02-28 13:51 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-51-33.092-AvastVBoxSVC.exe-2584.log
2015-02-28 01:09 - 2015-02-28 01:09 - 00001189 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-28 01:09 - 2015-02-28 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-28 01:05 - 2015-03-02 01:06 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 21:17 - 2014-03-16 22:49 - 00000124 _____ () C:\HaxLogs.log
2015-03-30 21:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 21:17 - 2009-07-13 23:51 - 00091310 _____ () C:\Windows\setupact.log
2015-03-30 21:16 - 2014-03-16 03:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-30 21:16 - 2014-03-14 07:26 - 01141017 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 20:35 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 20:35 - 2009-07-13 23:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 01:05 - 2014-08-14 20:51 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TS3Client
2015-03-30 01:04 - 2014-03-14 12:16 - 00000000 ____D () C:\Users\Mike\AppData\Local\Battle.net
2015-03-29 13:20 - 2014-03-18 01:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-27 22:57 - 2014-03-18 04:01 - 00180422 _____ () C:\Windows\PFRO.log
2015-03-27 22:56 - 2014-03-27 01:25 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Dropbox
2015-03-27 03:25 - 2015-02-01 03:24 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Kodi
2015-03-26 22:23 - 2014-03-14 12:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-26 22:18 - 2014-03-14 12:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-03-26 22:17 - 2014-03-14 12:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-23 00:34 - 2014-03-21 23:33 - 00000000 ____D () C:\Users\Mike\Documents\My Games
2015-03-22 11:35 - 2014-03-14 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 11:35 - 2009-07-14 00:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 00:52 - 2014-03-14 15:01 - 00000000 ____D () C:\Windows\Minidump
2015-03-22 00:35 - 2014-07-11 20:12 - 00000857 _____ () C:\Users\Mike\Desktop\Sweet Home 3D.lnk
2015-03-22 00:35 - 2014-07-11 20:12 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2015-03-18 20:12 - 2014-03-14 11:40 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 20:12 - 2014-03-14 11:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 20:11 - 2014-09-26 23:50 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2015-03-17 20:22 - 2009-07-14 00:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 00:38 - 2014-06-14 22:47 - 00000222 _____ () C:\Users\Mike\Desktop\Chivalry Medieval Warfare.url
2015-03-15 00:22 - 2014-06-15 22:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-13 22:10 - 2014-05-16 23:04 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-01 04:36 - 2014-03-14 12:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

==================== Files in the root of some directories =======

2014-09-27 02:33 - 2015-02-05 21:18 - 0000132 _____ () C:\Users\Mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-14 10:41 - 2014-03-14 10:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf_jtdw.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 20:27

==================== End Of Log ============================



#10 nasdaq

  • Malware Response Team

Posted 31 March 2015 - 08:30 AM

As far as I can see your log is clean.

The only process which I do not know much about is your MyClock.exe.
If you are sure that this is malware free then you should be clean.

#11 IAmAUser

  • Topic Starter

Posted 31 March 2015 - 01:48 PM

MyClock is just a desktop clock I wrote in C#.

Well, I appreciate the help. I'm just curious if it's possible that the Cox browser alert could have been a false positive. I looked for as much info as I could on it and as far as I can tell they use some sort of traffic analysis to identify communication with those zbot servers?


Edited by IAmAUser, 31 March 2015 - 02:35 PM.


#12 nasdaq

  • Malware Response Team

Posted 01 April 2015 - 07:01 AM

I think you are clean.

I will leave this topic open for 5 days; if you need to return, please do.

#13 nasdaq

  • Malware Response Team

Posted 06 April 2015 - 07:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



