
Here's my Combofix log


  • This topic is locked
13 replies to this topic

#1 sarpstacus

sarpstacus

  • Members
  • 9 posts

Posted 07 September 2015 - 11:17 AM

Hello everyone! I'm ignorant when it comes to harmful code (viruses, malware, trojans etc.). Here's my log. I would really appreciate the help. I was pretty scared after my computer had thermal shutdowns and an unreasonable CPU overload that locks it at 100%. I ran a quick scan with Avast and it came back clean, but in order to be sure I was told that ComboFix is the best software around to use, so I did. I looked at the logs myself but couldn't make sense of them (apart from the Avast part, I guess. I was uninstalling it as I was about to start CF. It gave me a warning about how Avast should be unavailable first).

I'll be looking forward to hearing from you guys! Thanks for your time.

 

ComboFix 15-09-07.01 - stq 09/07/2015  18:43:34.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1254.90.1033.18.2468.1395 [GMT 3:00]
Running from: c:\users\stq\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-07 to 2015-09-07  )))))))))))))))))))))))))))))))
.
.
2015-09-07 15:54 . 2015-09-07 15:54 -------- d-----w- c:\users\remzi\AppData\Local\temp
2015-09-07 15:54 . 2015-09-07 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-07 15:50 . 2015-09-07 15:50 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06520B3A-86CD-428E-ABB3-F9DA8A176798}\offreg.2680.dll
2015-09-07 15:38 . 2015-09-06 23:42 433264 ----a-w- c:\windows\system32\drivers\asw88E8.tmp
2015-09-07 15:38 . 2015-09-06 23:42 208664 ----a-w- c:\windows\system32\drivers\asw8946.tmp
2015-09-07 15:38 . 2015-09-06 23:42 113592 ----a-w- c:\windows\system32\drivers\asw8BB7.tmp
2015-09-07 15:38 . 2015-09-06 23:42 76000 ----a-w- c:\windows\system32\drivers\asw87FC.tmp
2015-09-07 15:38 . 2015-09-06 23:42 49776 ----a-w- c:\windows\system32\drivers\asw8879.tmp
2015-09-07 15:38 . 2015-09-06 23:42 24016 ----a-w- c:\windows\system32\drivers\asw878D.tmp
2015-09-07 15:38 . 2015-09-06 23:42 81728 ----a-w- c:\windows\system32\drivers\asw8404.tmp
2015-09-07 15:38 . 2015-09-06 23:42 788784 ----a-w- c:\windows\system32\drivers\asw821F.tmp
2015-09-07 15:38 . 2015-09-06 23:42 95112 ----a-w- c:\windows\system32\drivers\ngv7F31.tmp
2015-09-07 14:04 . 2015-09-07 14:04 -------- d-----w- c:\users\remzi\AppData\Roaming\AVAST Software
2015-09-06 23:44 . 2015-09-06 23:44 -------- d-----w- c:\users\stq\AppData\Roaming\AVAST Software
2015-09-06 23:43 . 2015-09-06 23:44 -------- d-----w- c:\windows\system32\vbox
2015-09-06 23:42 . 2015-09-06 23:42 43112 ----a-w- c:\windows\avastSS.scr
2015-09-06 23:39 . 2015-09-06 23:39 -------- d-----w- c:\program files\AVAST Software
2015-09-06 23:36 . 2015-09-06 23:36 -------- d-----w- c:\programdata\AVAST Software
2015-09-05 15:27 . 2015-09-05 15:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06520B3A-86CD-428E-ABB3-F9DA8A176798}\offreg.2532.dll
2015-09-04 23:45 . 2015-09-04 23:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06520B3A-86CD-428E-ABB3-F9DA8A176798}\offreg.4428.dll
2015-09-04 23:44 . 2015-08-20 01:18 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06520B3A-86CD-428E-ABB3-F9DA8A176798}\mpengine.dll
2015-09-04 20:40 . 2015-09-04 20:40 -------- d-----w- c:\users\remzi\AppData\Local\CEF
2015-09-04 20:32 . 2015-09-04 20:32 -------- d-----w- c:\program files\Common Files\Adobe
2015-09-04 20:30 . 2015-09-04 20:35 -------- d-----w- c:\users\remzi\AppData\Local\Adobe
2015-09-03 00:17 . 2015-09-03 00:17 -------- d-----w- c:\users\stq\AppData\Local\webkit
2015-09-02 14:21 . 2015-09-03 20:59 -------- d-----w- c:\users\stq\AppData\Local\gtk-2.0
2015-09-02 14:21 . 2015-09-02 16:02 -------- d-----w- c:\users\stq\.thumbnails
2015-09-02 14:19 . 2015-09-02 14:19 -------- d-----w- c:\users\stq\AppData\Local\fontconfig
2015-09-02 14:19 . 2015-09-03 21:01 -------- d-----w- c:\users\stq\.gimp-2.8
2015-09-02 14:19 . 2015-09-02 14:19 -------- d-----w- c:\users\stq\AppData\Local\gegl-0.2
2015-09-02 14:16 . 2015-09-02 14:18 -------- d-----w- c:\program files\GIMP 2
2015-08-31 09:59 . 2015-08-31 09:59 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2015-08-31 09:59 . 2015-08-31 09:59 15744 ----a-w- c:\windows\system32\drivers\lgandnetbus.sys
2015-08-31 09:59 . 2015-08-31 09:59 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-08-31 09:57 . 2015-08-31 09:57 -------- d-----w- c:\users\stq\.android
2015-08-31 09:57 . 2015-08-31 09:57 -------- d-----w- c:\users\stq\AppData\Roaming\HMYGSetting
2015-08-31 09:30 . 2015-08-31 09:30 -------- d-----w- c:\users\stq\AppData\Local\Wondershare
2015-08-31 09:30 . 2015-08-31 09:30 -------- d-----w- c:\program files\Common Files\Wondershare
2015-08-31 09:29 . 2015-08-31 10:43 -------- d--h--w- c:\program files\DrFoneAndroid_Temp
2015-08-31 09:29 . 2015-08-31 10:43 -------- d-----w- c:\program files\Wondershare
2015-08-31 09:29 . 2015-08-31 10:25 -------- d-----w- c:\programdata\Wondershare
2015-08-31 09:29 . 2015-08-31 09:30 -------- d-----w- c:\users\stq\AppData\Roaming\Wondershare
2015-08-30 10:58 . 2015-08-30 14:17 -------- d-----w- c:\users\stq\AppData\Roaming\Notepad++
2015-08-30 10:58 . 2015-08-30 10:58 -------- d-----w- c:\program files\Notepad++
2015-08-28 22:22 . 2015-08-28 22:22 -------- d-----w- c:\program files\Common Files\Skype
2015-08-27 09:15 . 2015-09-06 21:38 -------- d-----w- c:\users\stq\AppData\Local\Spotify
2015-08-27 09:15 . 2015-08-27 09:15 -------- d-----w- c:\users\stq\AppData\Local\CEF
2015-08-27 09:14 . 2015-09-06 21:38 -------- d-----w- c:\users\stq\AppData\Roaming\Spotify
2015-08-19 10:30 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-14 16:28 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:51 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 10:50 . 2015-05-09 18:09 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 10:50 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 10:50 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 10:50 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 10:50 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-12 10:50 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 18:38 . 2015-08-12 10:51 2560 ----a-w- c:\windows\system32\drivers\tr-TR\mountmgr.sys.mui
2015-07-15 17:43 . 2015-08-12 10:51 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2015-07-04 17:48 . 2015-07-15 11:31 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-06-23 10:27 . 2015-06-08 10:11 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:39 . 2015-07-15 11:31 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-15 21:47 . 2015-07-15 11:31 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43 . 2015-07-15 11:31 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43 . 2015-07-15 11:31 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43 . 2015-07-15 11:31 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43 . 2015-07-15 11:31 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42 . 2015-07-15 11:31 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37 . 2015-07-15 11:31 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-11 21:12 . 2015-06-11 21:12 86016 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-11 21:12 . 2015-06-11 21:12 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-11 21:12 . 2015-06-11 21:12 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-11 21:12 . 2015-06-11 21:12 645120 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-11 21:12 . 2015-06-11 21:12 62464 ----a-w- c:\windows\system32\tdc.ocx
2015-06-11 21:12 . 2015-06-11 21:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-11 21:12 . 2015-06-11 21:12 36352 ----a-w- c:\windows\system32\imgutil.dll
2015-06-11 21:12 . 2015-06-11 21:12 24576 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-11 21:12 . 2015-06-11 21:12 194048 ----a-w- c:\windows\system32\elshyph.dll
2015-06-11 21:12 . 2015-06-11 21:12 182272 ----a-w- c:\windows\system32\msls31.dll
2015-06-11 21:12 . 2015-06-11 21:12 151552 ----a-w- c:\windows\system32\iexpress.exe
2015-06-11 21:12 . 2015-06-11 21:12 139264 ----a-w- c:\windows\system32\wextract.exe
2015-06-11 21:12 . 2015-06-11 21:12 13312 ----a-w- c:\windows\system32\mshta.exe
2015-06-11 21:12 . 2015-06-11 21:12 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-11 21:11 . 2015-06-11 21:11 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-11 21:11 . 2015-06-11 21:11 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-11 21:11 . 2015-06-11 21:11 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-11 21:11 . 2015-06-11 21:11 220160 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-11 21:11 . 2015-06-11 21:11 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-11 21:11 . 2015-06-11 21:11 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-11 21:11 . 2015-06-11 21:11 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-11 21:11 . 2015-06-11 21:11 1080832 ----a-w- c:\windows\system32\d3d10.dll
2015-06-11 21:11 . 2015-06-11 21:11 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-11 21:11 . 2015-06-11 21:11 293376 ----a-w- c:\windows\system32\dxgi.dll
2015-06-11 21:11 . 2015-06-11 21:11 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-11 17:57 . 2015-07-15 11:31 919552 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:15 . 2015-07-15 11:31 134656 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 11:31 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-10 00:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\stq\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-09-03 2018360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-11-20 748232]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2015-05-15 55568]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2015-06-08 366904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-06-10 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1998-9-28 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus.sys [2015-08-31 15744]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2014-10-27 40136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*Deregistered* - VBoxAswDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-03 21:31 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-08 10:06]
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-08 10:06]
.
2015-09-07 c:\windows\Tasks\WpsNotifyTask_remzi.job
- c:\users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe [2015-06-08 16:11]
.
2015-09-07 c:\windows\Tasks\WpsNotifyTask_stq.job
- c:\users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe [2015-06-24 17:21]
.
2015-09-07 c:\windows\Tasks\WpsUpdateTask_remzi.job
- c:\users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe [2015-06-08 16:12]
.
2015-09-07 c:\windows\Tasks\WpsUpdateTask_stq.job
- c:\users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe [2015-06-24 17:21]
.
.
------- Supplementary Scan -------
.
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C22DE38D-1318-4CC6-94F6-4808D29586C2}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C22DE38D-1318-4CC6-94F6-4808D29586C2}\7433F523031363: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7800)
c:\progra~1\Raptr\ltc_help32-96675.dll
.
Completion time: 2015-09-07  19:02:27
ComboFix-quarantined-files.txt  2015-09-07 16:02
.
Pre-Run: 202,230,829,056 bytes free
Post-Run: 203,552,067,584 bayt boş
.
- - End Of File - - 90EC205CF2FC2A7A05854B3474698252
A36C5E4F47E84449FF07ED3517B43A31
 



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 07 September 2015 - 11:19 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 sarpstacus

sarpstacus
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2015 - 11:23 AM

Hello Jürgen! Thanks for your answer! I'll do as you say right away, but first I wonder whether it is possible to tell from the logs I posted in my first post if I was infected or not?



#4 sarpstacus

sarpstacus
  • Topic Starter

  • Members
  • 9 posts

Posted 07 September 2015 - 11:36 AM

Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-09-2015 01
Ran by stq (administrator) on STQ-PC (07-09-2015 19:24:36)
Running from C:\Users\stq\Downloads
Loaded Profiles: stq (Available Profiles: stq & remzi)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: İngilizce (Amerikan)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Raptr] => C:\Program Files\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-06-08] (Power Software Ltd)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\Run: [Spotify Web Helper] => C:\Users\stq\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-04] (Spotify Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-06-10] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-31]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C22DE38D-1318-4CC6-94F6-4808D29586C2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C22DE38D-1318-4CC6-94F6-4808D29586C2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M66B647DC-137E-4C5B-90D6-234107D1F6ED&SearchSource=55&CUI=&UM=6&UP=SPC9A1135C-B99B-4B3F-AFE7-D64D8CA9A1BE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\stq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\stq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [281488 2014-10-01] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [281488 2014-10-01] (Intel Corporation)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87256 2015-04-28] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2015-04-28] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-08-21] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2015-04-28] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [40136 2014-10-28] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\DRIVERS\lgandnetbus.sys [15744 2015-08-31] (LG Electronics Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43968 2014-08-21] (VMware, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power Software Ltd)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26456 2015-04-28] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2015-04-28] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2015-04-28] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2015-04-28] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2015-04-28] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
U3 catchme; \??\C:\Users\stq\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-07 19:24 - 2015-09-07 19:24 - 00009265 _____ C:\Users\stq\Downloads\FRST.txt
2015-09-07 19:24 - 2015-09-07 19:24 - 00000000 ____D C:\FRST
2015-09-07 19:23 - 2015-09-07 19:23 - 01692160 _____ (Farbar) C:\Users\stq\Downloads\FRST.exe
2015-09-07 19:02 - 2015-09-07 19:02 - 00014692 _____ C:\ComboFix.txt
2015-09-07 18:40 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-07 18:40 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-07 18:40 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-07 18:40 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-07 18:40 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-07 18:40 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-07 18:40 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-07 18:40 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-07 18:38 - 2015-09-07 02:42 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw821F.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\asw88E8.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8946.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8BB7.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngv7F31.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8404.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\asw87FC.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8879.tmp
2015-09-07 18:38 - 2015-09-07 02:42 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\asw878D.tmp
2015-09-07 18:30 - 2015-09-07 19:02 - 00000000 ____D C:\Qoobox
2015-09-07 18:29 - 2015-09-07 19:00 - 00000000 ____D C:\Windows\erdnt
2015-09-07 17:50 - 2015-09-07 17:51 - 05635119 ____R (Swearware) C:\Users\stq\Downloads\ComboFix.exe
2015-09-07 17:04 - 2015-09-07 17:04 - 00000000 ____D C:\Users\remzi\AppData\Roaming\AVAST Software
2015-09-07 02:44 - 2015-09-07 02:44 - 00000000 ____D C:\Users\stq\AppData\Roaming\AVAST Software
2015-09-07 02:43 - 2015-09-07 02:44 - 00000000 ____D C:\Windows\system32\vbox
2015-09-07 02:43 - 2015-09-07 02:43 - 00002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-07 02:43 - 2015-09-07 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-07 02:42 - 2015-09-07 02:42 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-07 02:39 - 2015-09-07 02:39 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 02:36 - 2015-09-07 02:36 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-07 02:34 - 2015-09-07 02:35 - 05685704 _____ (AVAST Software) C:\Users\stq\Downloads\avast_free_antivirus_setup_online.exe
2015-09-06 02:34 - 2015-09-06 02:34 - 00001087 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-09-06 02:31 - 2015-09-06 02:31 - 01199856 _____ ( ) C:\Users\stq\Downloads\hwmonitor_1.28.exe
2015-09-04 23:40 - 2015-09-04 23:40 - 00000000 ____D C:\Users\remzi\AppData\Local\CEF
2015-09-04 23:33 - 2015-09-04 23:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-09-04 23:33 - 2015-09-04 23:33 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-09-04 23:32 - 2015-09-04 23:35 - 00000000 ____D C:\ProgramData\Adobe
2015-09-04 23:32 - 2015-09-04 23:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-04 23:32 - 2015-09-04 23:32 - 00000000 ____D C:\Program Files\Adobe
2015-09-04 23:30 - 2015-09-04 23:35 - 00000000 ____D C:\Users\remzi\AppData\Local\Adobe
2015-09-04 23:28 - 2015-09-04 23:28 - 00664127 _____ C:\Users\remzi\Downloads\UĞURLU VERGİİLER.rar
2015-09-04 23:28 - 2015-09-04 23:28 - 00000000 ____D C:\Users\remzi\AppData\Roaming\WinRAR
2015-09-04 04:34 - 2015-09-04 22:08 - 00000000 ____D C:\Users\stq\Downloads\Mad.Max Fury.Road.2015.BDRip.265-WAR
2015-09-04 04:33 - 2015-09-04 04:33 - 00015375 _____ C:\Users\stq\Downloads\Mad.Max Fury.Road.2015.BDRip.265-WAR.torrent
2015-09-03 23:59 - 2015-09-03 23:59 - 00000859 _____ C:\Users\stq\AppData\Local\recently-used.xbel
2015-09-03 03:47 - 2015-09-03 03:47 - 00000265 _____ C:\Users\stq\Documents\bjk.al8
2015-09-03 03:17 - 2015-09-03 03:17 - 00000000 ____D C:\Users\stq\AppData\Local\webkit
2015-09-03 00:17 - 2015-09-03 00:17 - 00101259 _____ C:\Users\stq\Downloads\tomer-tercih-tablosu.xlsx
2015-09-02 19:33 - 2015-09-02 19:33 - 00000203 _____ C:\Users\stq\Documents\FDS.al8
2015-09-02 19:28 - 2015-09-02 19:28 - 00000339 _____ C:\Users\stq\Documents\BulletBestPP.al8
2015-09-02 17:56 - 2015-09-02 17:56 - 00000431 _____ C:\Users\stq\Desktop\BEST.al8
2015-09-02 17:35 - 2015-09-02 17:35 - 00052849 _____ C:\Users\stq\Downloads\pacifico.zip
2015-09-02 17:35 - 2015-09-02 17:35 - 00007834 _____ C:\Users\stq\Downloads\nevis.zip
2015-09-02 17:21 - 2015-09-03 23:59 - 00000000 ____D C:\Users\stq\AppData\Local\gtk-2.0
2015-09-02 17:21 - 2015-09-02 19:02 - 00000000 ____D C:\Users\stq\.thumbnails
2015-09-02 17:19 - 2015-09-04 00:01 - 00000000 ____D C:\Users\stq\.gimp-2.8
2015-09-02 17:19 - 2015-09-02 17:19 - 00000000 ____D C:\Users\stq\AppData\Local\gegl-0.2
2015-09-02 17:19 - 2015-09-02 17:19 - 00000000 ____D C:\Users\stq\AppData\Local\fontconfig
2015-09-02 17:18 - 2015-09-02 17:18 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-09-02 17:18 - 2015-09-02 17:18 - 00001039 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2015-09-02 17:16 - 2015-09-02 17:18 - 00000000 ____D C:\Program Files\GIMP 2
2015-09-02 17:12 - 2015-09-02 17:15 - 91931728 _____ (The GIMP Team ) C:\Users\stq\Downloads\gimp-2.8.14-setup-1.exe
2015-09-02 17:04 - 2013-07-30 18:31 - 01922707 _____ C:\Users\stq\Desktop\Hamburger.psd
2015-09-02 17:04 - 2013-07-30 18:31 - 01810825 _____ C:\Users\stq\Desktop\McQueen.psd
2015-09-02 17:04 - 2013-07-30 18:30 - 01830590 _____ C:\Users\stq\Desktop\Pacific-Coast.psd
2015-09-02 17:04 - 2013-07-30 18:29 - 02008710 _____ C:\Users\stq\Desktop\Forged.psd
2015-09-02 17:04 - 2013-07-30 17:56 - 01899937 _____ C:\Users\stq\Desktop\Vintage-Apparel.psd
2015-09-02 17:04 - 2013-07-30 17:55 - 01104319 _____ C:\Users\stq\Desktop\Pompadour.psd
2015-08-31 21:14 - 2015-08-31 22:26 - 00002509 _____ C:\Users\stq\Documents\BLLTADPP.al8
2015-08-31 20:59 - 2015-08-31 20:59 - 00000819 _____ C:\Users\stq\Documents\BLLTAD.al8
2015-08-31 17:56 - 2015-06-30 12:07 - 47861600 _____ C:\Users\stq\Desktop\Minuum Keyboard v3.4.4 apkarchive.com.apk
2015-08-31 17:55 - 2015-08-31 17:56 - 46079130 _____ C:\Users\stq\Downloads\Minuum Keyboard v3.4.4 apkarchive.com.zip
2015-08-31 13:13 - 2015-08-31 13:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-08-31 12:59 - 2015-08-31 12:59 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-08-31 12:59 - 2015-08-31 12:59 - 00851176 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-08-31 12:59 - 2015-08-31 12:59 - 00015744 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetbus.sys
2015-08-31 12:57 - 2015-08-31 12:57 - 00000000 ____D C:\Users\stq\AppData\Roaming\HMYGSetting
2015-08-31 12:57 - 2015-08-31 12:57 - 00000000 ____D C:\Users\stq\.android
2015-08-31 12:30 - 2015-08-31 12:30 - 00000000 ____D C:\Users\stq\AppData\Local\Wondershare
2015-08-31 12:30 - 2015-08-31 12:30 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2015-08-31 12:29 - 2015-08-31 13:43 - 00000000 ___HD C:\Program Files\DrFoneAndroid_Temp
2015-08-31 12:29 - 2015-08-31 13:43 - 00000000 ____D C:\Program Files\Wondershare
2015-08-31 12:29 - 2015-08-31 13:25 - 00000000 ____D C:\ProgramData\Wondershare
2015-08-31 12:29 - 2015-08-31 12:30 - 00000000 ____D C:\Users\stq\AppData\Roaming\Wondershare
2015-08-31 12:28 - 2015-08-31 12:29 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-08-31 12:28 - 2015-08-31 12:28 - 00933960 _____ C:\Users\stq\Downloads\drfone-for-android_setup_full1531.exe
2015-08-30 16:48 - 2015-08-31 21:04 - 00001797 _____ C:\Users\stq\Documents\bullet.al8
2015-08-30 13:58 - 2015-08-30 17:17 - 00000000 ____D C:\Users\stq\AppData\Roaming\Notepad++
2015-08-30 13:58 - 2015-08-30 13:58 - 00001023 _____ C:\Users\stq\Desktop\Notepad++.lnk
2015-08-30 13:58 - 2015-08-30 13:58 - 00001023 _____ C:\Users\remzi\Desktop\Notepad++.lnk
2015-08-30 13:58 - 2015-08-30 13:58 - 00000000 ____D C:\Users\stq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-08-30 13:58 - 2015-08-30 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-08-30 13:58 - 2015-08-30 13:58 - 00000000 ____D C:\Program Files\Notepad++
2015-08-30 13:57 - 2015-08-30 13:57 - 05264801 _____ C:\Users\stq\Downloads\npp.6.8.2.Installer.exe
2015-08-30 13:41 - 2015-08-30 13:51 - 00000000 ____D C:\Users\stq\Downloads\True.Detective.Season.1.Complete.HDTV.x264-SCENE
2015-08-30 11:59 - 2015-08-30 12:01 - 00000000 ____D C:\Users\stq\Downloads\Dexter.S01.DVDRip.XviD-SAiNTS
2015-08-30 11:59 - 2015-08-30 11:59 - 00022353 _____ C:\Users\stq\Downloads\Dexter.S01.DVDRip.XviD-SAiNTS.torrent
2015-08-29 01:22 - 2015-08-29 01:22 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-29 01:22 - 2015-08-29 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-29 01:22 - 2015-08-29 01:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-28 01:08 - 2015-08-28 01:08 - 00001133 _____ C:\Users\stq\Documents\asd.al8
2015-08-27 18:15 - 2015-08-27 18:15 - 00000679 _____ C:\Users\stq\Documents\SPORTS.al8
2015-08-27 18:11 - 2015-08-27 18:12 - 00000677 _____ C:\Users\stq\Documents\culture.al8
2015-08-27 16:39 - 2015-08-27 16:39 - 00000000 ____D C:\Users\stq\Downloads\AAA Logo 2010 Business Edition v3.1 Portable
2015-08-27 16:38 - 2015-08-27 16:38 - 00003277 _____ C:\Users\stq\Downloads\AAA Logo 2010 Business Edition v3.1 Portable.torrent
2015-08-27 12:42 - 2015-08-27 12:42 - 04040507 _____ C:\Users\stq\Downloads\black_mart.apk
2015-08-27 12:15 - 2015-09-07 00:38 - 00000000 ____D C:\Users\stq\AppData\Local\Spotify
2015-08-27 12:15 - 2015-08-27 12:15 - 00001793 _____ C:\Users\stq\Desktop\Spotify.lnk
2015-08-27 12:15 - 2015-08-27 12:15 - 00001779 _____ C:\Users\stq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-27 12:15 - 2015-08-27 12:15 - 00000000 ____D C:\Users\stq\AppData\Local\CEF
2015-08-27 12:14 - 2015-09-07 00:38 - 00000000 ____D C:\Users\stq\AppData\Roaming\Spotify
2015-08-19 13:30 - 2015-08-11 03:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 13:30 - 2015-08-11 03:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 19:28 - 2015-07-30 16:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:52 - 2015-07-20 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:52 - 2015-07-20 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:52 - 2015-07-20 20:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:52 - 2015-07-10 20:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:52 - 2015-07-10 20:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:52 - 2015-07-10 20:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:51 - 2015-07-30 20:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:51 - 2015-07-30 19:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:51 - 2015-07-30 19:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:51 - 2015-07-21 03:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:51 - 2015-07-16 23:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:51 - 2015-07-16 22:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:51 - 2015-07-16 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:51 - 2015-07-16 22:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:51 - 2015-07-16 22:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:51 - 2015-07-16 22:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:51 - 2015-07-16 22:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:51 - 2015-07-16 22:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:51 - 2015-07-16 22:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:51 - 2015-07-16 22:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:51 - 2015-07-16 22:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:51 - 2015-07-16 22:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:51 - 2015-07-16 22:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:51 - 2015-07-16 22:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:51 - 2015-07-16 22:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:51 - 2015-07-16 22:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:51 - 2015-07-16 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:51 - 2015-07-16 22:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:51 - 2015-07-16 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:51 - 2015-07-16 22:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:51 - 2015-07-16 22:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:51 - 2015-07-16 22:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:51 - 2015-07-16 22:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:51 - 2015-07-16 22:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:51 - 2015-07-16 22:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:51 - 2015-07-16 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:51 - 2015-07-16 21:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:51 - 2015-07-16 21:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:51 - 2015-07-16 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:51 - 2015-07-15 20:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-12 13:51 - 2015-07-15 20:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:51 - 2015-07-15 20:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:51 - 2015-07-15 20:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:51 - 2015-07-15 20:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:51 - 2015-07-15 20:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:51 - 2015-07-15 20:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:51 - 2015-07-15 20:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:51 - 2015-07-15 20:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:51 - 2015-07-15 20:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:51 - 2015-07-15 20:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:51 - 2015-07-15 20:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:51 - 2015-07-15 20:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:51 - 2015-07-15 20:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:51 - 2015-07-15 20:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:51 - 2015-07-15 20:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:51 - 2015-07-15 19:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:51 - 2015-07-15 19:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:51 - 2015-07-15 19:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:51 - 2015-07-09 20:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:51 - 2015-07-09 20:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:51 - 2015-07-01 23:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:51 - 2015-07-01 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:50 - 2015-07-15 05:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:50 - 2015-07-15 05:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:50 - 2015-07-15 05:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:50 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:50 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:50 - 2015-07-10 20:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:50 - 2015-05-09 21:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-07 19:03 - 2009-07-14 07:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 19:03 - 2009-07-14 07:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 19:02 - 2009-07-14 05:37 - 00000000 __RHD C:\Users\Default
2015-09-07 19:02 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Public
2015-09-07 19:01 - 2015-06-08 19:12 - 00000388 _____ C:\Windows\Tasks\WpsNotifyTask_remzi.job
2015-09-07 18:55 - 2009-07-14 05:04 - 00000215 _____ C:\Windows\system.ini
2015-09-07 18:50 - 2015-06-08 12:03 - 01786076 _____ C:\Windows\WindowsUpdate.log
2015-09-07 18:48 - 2015-06-24 20:22 - 00000380 _____ C:\Windows\Tasks\WpsNotifyTask_stq.job
2015-09-07 18:45 - 2015-06-24 20:22 - 00000380 _____ C:\Windows\Tasks\WpsUpdateTask_stq.job
2015-09-07 18:36 - 2015-07-02 08:08 - 00000000 ____D C:\Users\stq\AppData\Roaming\Skype
2015-09-07 18:30 - 2015-06-08 13:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 18:29 - 2015-06-08 19:12 - 00000388 _____ C:\Windows\Tasks\WpsUpdateTask_remzi.job
2015-09-07 17:34 - 2015-06-08 13:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 17:04 - 2015-06-08 19:05 - 00000000 ____D C:\Users\remzi\AppData\Roaming\Raptr
2015-09-07 14:46 - 2015-06-08 16:17 - 00659376 _____ C:\Windows\system32\perfh01F.dat
2015-09-07 14:46 - 2015-06-08 16:17 - 00141248 _____ C:\Windows\system32\perfc01F.dat
2015-09-07 14:46 - 2015-06-08 12:47 - 01577908 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-07 14:44 - 2015-06-08 15:39 - 00000000 ____D C:\Users\stq\AppData\Roaming\Raptr
2015-09-07 14:40 - 2015-06-12 04:34 - 00000000 ____D C:\ProgramData\VMware
2015-09-07 14:40 - 2015-06-08 14:58 - 00009818 _____ C:\Windows\PFRO.log
2015-09-07 14:40 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 14:40 - 2009-07-14 07:39 - 00039091 _____ C:\Windows\setupact.log
2015-09-06 17:47 - 2015-07-05 20:55 - 00119808 _____ C:\Users\remzi\Documents\BİROL.xls
2015-09-06 02:34 - 2015-06-08 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-09-06 02:34 - 2015-06-08 14:34 - 00000000 ____D C:\Program Files\CPUID
2015-09-05 03:54 - 2015-06-12 03:05 - 00000000 ____D C:\Users\stq\AppData\Roaming\BitTorrent
2015-09-04 23:39 - 2015-06-12 16:26 - 00000000 ____D C:\Users\remzi\AppData\Roaming\Adobe
2015-09-04 23:27 - 2015-06-08 12:48 - 00000000 ____D C:\Veri
2015-09-03 15:56 - 2015-06-08 19:05 - 00064368 _____ C:\Users\remzi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-03 13:31 - 2009-07-14 07:33 - 00281512 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-02 17:47 - 2015-06-08 13:06 - 00064368 _____ C:\Users\stq\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-02 17:21 - 2015-06-08 12:06 - 00000000 ____D C:\Users\stq
2015-08-31 13:42 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-31 12:30 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-29 16:18 - 2015-06-08 20:14 - 00000000 ____D C:\Users\stq\AppData\Roaming\CodeBlocks
2015-08-29 16:16 - 2015-06-08 20:15 - 00000000 ____D C:\Users\stq\Desktop\projeler
2015-08-29 01:22 - 2015-07-02 08:08 - 00000000 ___RD C:\Program Files\Skype
2015-08-29 01:22 - 2015-07-02 08:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-28 14:50 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache
2015-08-14 21:03 - 2015-06-08 16:15 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2015-08-14 21:03 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-14 19:43 - 2015-06-08 15:58 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 19:31 - 2015-06-08 15:58 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-09-03 23:59 - 2015-09-03 23:59 - 0000859 _____ () C:\Users\stq\AppData\Local\recently-used.xbel
2015-07-31 14:56 - 2015-07-31 15:02 - 0000622 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-01 23:46
 
==================== End of FRST.txt ============================


#5 sarpstacus

Posted 07 September 2015 - 11:40 AM

And here is the addition: (NOTE: Because my OS language is Turkish, some stuff in the .txt files was also in Turkish. Would it create a problem? Is there a way I can turn it into English if it is necessary?)

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by stq (2015-09-07 19:25:21)
Running from C:\Users\stq\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-06-08 19:01:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3251776104-3319771587-1848663394-500 - Administrator - Disabled)
Guest (S-1-5-21-3251776104-3319771587-1848663394-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3251776104-3319771587-1848663394-1004 - Limited - Enabled)
remzi (S-1-5-21-3251776104-3319771587-1848663394-1001 - Administrator - Enabled) => C:\Users\remzi
stq (S-1-5-21-3251776104-3319771587-1848663394-1000 - Administrator - Enabled) => C:\Users\stq
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC - Turkish (HKLM\...\{AC76BA86-7AD7-1055-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
BitTorrent (HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CodeBlocks (HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID HWMonitor Pro 1.23 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fallout (HKLM\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
FileZilla Client 3.11.0.2 (HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
JetBrains PyCharm Community Edition 4.5.2 (HKLM\...\PyCharm Community Edition 4.5.2) (Version: 141.1580 - JetBrains s.r.o.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{0001041F-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Ralink RT3290 802.11bgn 1x1 Wi-Fi Adapter (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Raptr (HKLM\...\Raptr) (Version:  - )
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VMware Player (HKLM\...\VMware_Player) (Version: 6.0.6 - VMware, Inc)
VMware Player (Version: 6.0.6 - VMware, Inc.) Hidden
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPS Office (9.1.0.5050) (HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\...\Kingsoft Office) (Version: 9.1.0.5050 - Kingsoft Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020812-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020820-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020821-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020830-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020832-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020900-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020906-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00020907-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 ->  No File
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{000209FE-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00024500-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{00024512-0000-0000-C000-000000000046}\InprocServer32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\refedit.dll ()
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\mui\default\resource\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  No File
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\qingshellext.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  No File
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{B722BCCD-4E68-101B-A2BC-00AA00404770}\InprocServer32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\ksoapi.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3251776104-3319771587-1848663394-1000_Classes\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\localserver32 -> C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Restore Points =========================
 
07-09-2015 18:36:57 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {166F12E6-4EA9-4E6A-AA13-41E27CCA57EE} - System32\Tasks\WpsNotifyTask_stq => C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe [2015-06-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {17759DBD-C3F1-4804-9B8E-C4DC7441128F} - System32\Tasks\WpsNotifyTask_remzi => C:\Users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe [2015-06-08] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1CD6BEA5-9EB3-49C7-8736-F7606EA6B746} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-08] (Google Inc.)
Task: {212B7A30-B87B-4545-BD9F-E5279C66FF72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-08] (Google Inc.)
Task: {41A55BAB-7F71-47F9-92BD-E9DE48F2BBAE} - System32\Tasks\{13B3EC0E-E425-4CE2-B6C6-49C390C5554C} => pcalua.exe -a D:\setup.exe -d D:\
Task: {41AE09A1-AB22-4D87-A388-405B64F5F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {58CA1268-AEC8-46C4-BCDC-C78651367B3A} - System32\Tasks\WpsUpdateTask_stq => C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe [2015-06-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {88B9945C-283B-4A2E-8171-DD10CF0DC148} - System32\Tasks\WpsUpdateTask_remzi => C:\Users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe [2015-06-08] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E12E0242-2C4F-4396-83D2-B6FA420285FA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3251776104-3319771587-1848663394-1001
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_remzi.job => C:\Users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsNotifyTask_stq.job => C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_remzi.job => C:\Users\remzi\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe
Task: C:\Windows\Tasks\WpsUpdateTask_stq.job => C:\Users\stq\AppData\Local\Kingsoft\WPS Office\9.1.0.5050\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-28 13:35 - 2015-04-28 13:35 - 01301720 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2010-11-23 01:56 - 2010-11-23 01:56 - 00087040 _____ () C:\Program Files\Raptr\_ctypes.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00043008 _____ () C:\Program Files\Raptr\_socket.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00805376 _____ () C:\Program Files\Raptr\_ssl.pyd
2014-05-14 02:26 - 2014-05-14 02:26 - 05812736 _____ () C:\Program Files\Raptr\PyQt4.QtGui.pyd
2014-05-14 02:26 - 2014-05-14 02:26 - 00067584 _____ () C:\Program Files\Raptr\sip.pyd
2014-05-14 02:26 - 2014-05-14 02:26 - 01662464 _____ () C:\Program Files\Raptr\PyQt4.QtCore.pyd
2014-05-14 02:26 - 2014-05-14 02:26 - 00494592 _____ () C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 01:57 - 2010-11-23 01:57 - 00096256 _____ () C:\Program Files\Raptr\win32api.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00110592 _____ () C:\Program Files\Raptr\pywintypes26.dll
2010-11-23 01:56 - 2010-11-23 01:56 - 00010240 _____ () C:\Program Files\Raptr\select.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00356864 _____ () C:\Program Files\Raptr\_hashlib.pyd
2010-11-23 01:57 - 2010-11-23 01:57 - 00036352 _____ () C:\Program Files\Raptr\win32process.pyd
2010-11-23 01:57 - 2010-11-23 01:57 - 00111104 _____ () C:\Program Files\Raptr\win32file.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00044544 _____ () C:\Program Files\Raptr\_sqlite3.pyd
2011-02-15 21:17 - 2011-02-15 21:17 - 00417501 _____ () C:\Program Files\Raptr\sqlite3.dll
2010-11-23 01:57 - 2010-11-23 01:57 - 00167936 _____ () C:\Program Files\Raptr\win32gui.pyd
2014-05-14 02:26 - 2014-05-14 02:26 - 00313856 _____ () C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00127488 _____ () C:\Program Files\Raptr\pyexpat.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00009216 _____ () C:\Program Files\Raptr\winsound.pyd
2014-08-14 03:37 - 2014-08-14 03:37 - 00113171 _____ () C:\Program Files\Raptr\libvlc.dll
2014-08-14 03:37 - 2014-08-14 03:37 - 02396691 _____ () C:\Program Files\Raptr\libvlccore.dll
2010-11-23 01:56 - 2010-11-23 01:56 - 00583680 _____ () C:\Program Files\Raptr\unicodedata.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00354304 _____ () C:\Program Files\Raptr\pythoncom26.dll
2010-11-23 01:57 - 2010-11-23 01:57 - 00263168 _____ () C:\Program Files\Raptr\win32com.shell.shell.pyd
2010-11-23 01:56 - 2010-11-23 01:56 - 00324608 _____ () C:\Program Files\Raptr\PIL._imaging.pyd
2013-11-21 03:05 - 2013-11-21 03:05 - 00256000 _____ () C:\Program Files\Raptr\amd_ags.dll
2010-11-23 01:57 - 2010-11-23 01:57 - 00141312 _____ () C:\Program Files\Raptr\gobject._gobject.pyd
2014-06-18 03:56 - 2014-06-18 03:56 - 02717595 _____ () C:\Program Files\Raptr\heliotrope._purple.pyd
2011-02-15 21:17 - 2011-02-15 21:17 - 01213633 _____ () C:\Program Files\Raptr\libxml2-2.dll
2010-11-23 02:06 - 2010-11-23 02:06 - 00055808 _____ () C:\Program Files\Raptr\zlib1.dll
2013-05-10 02:52 - 2013-05-10 02:52 - 00495680 _____ () C:\Program Files\Raptr\plugins\libaim.dll
2013-05-10 02:52 - 2013-05-10 02:52 - 01183699 _____ () C:\Program Files\Raptr\liboscar.dll
2013-05-10 02:52 - 2013-05-10 02:52 - 00483306 _____ () C:\Program Files\Raptr\plugins\libicq.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 00655356 _____ () C:\Program Files\Raptr\plugins\libirc.dll
2013-05-03 21:56 - 2013-05-03 21:56 - 01306387 _____ () C:\Program Files\Raptr\plugins\libmsn.dll
2013-05-03 21:56 - 2013-05-03 21:56 - 00565461 _____ () C:\Program Files\Raptr\plugins\libxmpp.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 01640221 _____ () C:\Program Files\Raptr\libjabber.dll
2013-05-03 21:56 - 2013-05-03 21:56 - 00506276 _____ () C:\Program Files\Raptr\plugins\libyahoo.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 01053730 _____ () C:\Program Files\Raptr\libymsg.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 00497782 _____ () C:\Program Files\Raptr\plugins\libyahoojp.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 00603326 _____ () C:\Program Files\Raptr\plugins\ssl-nss.dll
2013-05-03 21:57 - 2013-05-03 21:57 - 00474199 _____ () C:\Program Files\Raptr\plugins\ssl.dll
2015-09-07 02:42 - 2015-09-07 02:42 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 02:42 - 2015-09-07 02:42 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-02 18:20 - 2015-06-02 18:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-09-04 00:34 - 2015-08-28 03:17 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-04 00:34 - 2015-08-28 03:17 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3251776104-3319771587-1848663394-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2B56E901-DAE1-44AF-9055-CC4883102940}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{08A46581-DE42-4DF5-95D7-42FBF291F1A5}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{1BF9BDD5-CE39-4757-9B0E-B53107B4B627}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{15451D0B-0851-4528-A0D2-8B8081CCF35D}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{BDA7AC3F-FE16-4033-ACFF-9674942F75ED}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{C85882C5-7623-4C38-BB37-1D3C7C18F6D8}] => (Allow) C:\Users\stq\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DF4ED59B-3231-4AD8-82C1-6D6221E4248B}] => (Allow) C:\Users\stq\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{06CAAC37-A1E6-4232-AF59-A35EFE445F0E}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{17993BC9-4601-48DA-BCE3-1F8CBFB11434}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{DD7D5FE5-9EB9-4DB1-A217-6D24F5A361AE}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{CF84197E-19C6-4FBB-B0DB-0B576668598D}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{21B8278D-8B07-464E-9747-70F41C9AAE60}] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{A49C5B3A-8FA6-45B7-B27C-35D29CAFE55B}] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{2F236FB4-1B76-471A-BACF-80AB84DF2219}C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe
FirewallRules: [UDP Query User{84CFC0BB-CA14-4C6E-8E65-CC35F9FBDB7E}C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe
FirewallRules: [{861E56A2-7DEC-478D-A56D-B6CFDAC91BCD}] => (Block) C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe
FirewallRules: [{B453C552-21E9-4144-A4AB-DFE0501FB8EF}] => (Block) C:\program files\jetbrains\pycharm community edition 4.5.2\bin\pycharm.exe
FirewallRules: [{9FFED001-A130-4400-8117-21D577AF2919}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A0953B13-4C36-4118-93ED-846623D813A2}C:\users\stq\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stq\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{801484AC-00A7-4B6A-9172-C76643650230}C:\users\stq\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\stq\appdata\roaming\spotify\spotify.exe
FirewallRules: [{32A3717F-939C-44F0-987D-8ACB74B6AA57}] => (Block) C:\users\stq\appdata\roaming\spotify\spotify.exe
FirewallRules: [{91B0CB93-5246-4F17-8CAA-F85D83CBBE9D}] => (Block) C:\users\stq\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C41858FE-8774-4332-9ACD-A4388C86FA3C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Aygıtı
Description: PCI Aygıtı
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Denetleyicisi
Description: Ethernet Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Denetleyici
Description: Bluetooth Denetleyici
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Denetleyicisi
Description: SM Bus Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Denetleyicisi
Description: Universal Serial Bus (USB) Denetleyicisi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/07/2015 06:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: AvastSvc.exe, sürüm: 10.3.2225.1172, zaman damgası: 0x55b667ac
Hatalı modül adı: RPCRT4.dll, sürüm: 6.1.7601.18933, zaman damgası: 0x55a69dc8
Özel durum kodu: 0xc0020043
Hata uzaklığı 0x00062460
Hatalı işlem kimliği: 0x698
Uygulama başlangıç zamanı: 0xAvastSvc.exe0
Hatalı uygulama yolu: AvastSvc.exe1
Hatalı modül yolu: AvastSvc.exe2
Rapor kimliği: AvastSvc.exe3
 
Error: (09/07/2015 06:36:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Access is denied.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8bac9ab5-15cf-43e9-94e9-33a21ad773a9}
 
Error: (09/07/2015 05:03:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: CCC.exe, sürüm: 4.5.0.0, zaman damgası: 0x53ad0dcc
Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x072dda67
Hatalı işlem kimliği: 0xee4
Uygulama başlangıç zamanı: 0xCCC.exe0
Hatalı uygulama yolu: CCC.exe1
Hatalı modül yolu: CCC.exe2
Rapor kimliği: CCC.exe3
 
Error: (09/07/2015 05:03:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at ATI.ACE.CLI.Component.Runtime.Runtime.Invoke(Boolean, System.String, Int32, System.String, ATI.ACE.CLI.Foundation.RuntimeInvokeRoutine, System.Object[])
   at ATI.ACE.CLI.Component.Runtime.Runtime.Invoke(System.String, Int32, System.String, ATI.ACE.CLI.Foundation.RuntimeInvokeRoutine, System.Object[])
   at ATI.ACE.CLI.Aspect.PowerXpress.Graphics.Runtime.RT_PowerXpress.InstallScanWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/07/2015 02:39:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu.  hr = 0x80070005, Access is denied.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c010c760-4d6b-46a5-aba8-4a53eb5e13f8}
 
Error: (09/07/2015 12:21:30 AM) (Source: MsiInstaller) (EventID: 11706) (User: stq-PC)
Description: Ürün: Microsoft Office 2000 Professional -- Hata 1706. Microsoft Office 2000 Professional ürünü için geçerli bir kaynak bulunamadı.  Windows installer devam edemiyor.
 
Error: (09/04/2015 11:40:16 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:51 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
 
System errors:
=============
Error: (09/07/2015 06:54:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.
 
Error: (09/07/2015 06:48:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.
 
Error: (09/07/2015 06:42:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart hizmeti, etkileşimli bir hizmet olarak işaretli.  Ancak sistem, etkileşimli hizmetlere izin vermeyecek şekilde yapılandırıldı.  Bu hizmet düzgün çalışmayabilir.
 
Error: (09/07/2015 05:29:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/07/2015 02:41:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: CyberGhost 5 Client Service hizmeti şu hata nedeniyle başlatılamadı: 
%%1053
 
Error: (09/07/2015 02:41:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: CyberGhost 5 Client Service hizmetinin bağlanması beklenirken zaman aşımı (30000 milisaniye) oluştu.
 
Error: (09/07/2015 02:40:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: 2:57:10 AM, ‎9/‎7/‎2015 tarihinde gerçekleşen önceki sistem kapanışı beklenmiyordu.
 
Error: (09/07/2015 02:57:27 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: Sistem, önemli bir sıcaklık olayı nedeniyle hazırda bekletmeye alındı.
Hazırda Bekleme Zamanı = 2015-09-06T23:57:27.386435700Z
            
ACPI Isı Dilimi = ACPI\ThermalZone\TZ01
            
_HOT = 383K
 
Error: (09/07/2015 02:57:22 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: Sistem, önemli bir sıcaklık olayı nedeniyle hazırda bekletmeye alındı.
Hazırda Bekleme Zamanı = 2015-09-06T23:57:22.378826900Z
            
ACPI Isı Dilimi = ACPI\ThermalZone\TZ01
            
_HOT = 383K
 
Error: (09/07/2015 02:57:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: Sistem, önemli bir sıcaklık olayı nedeniyle hazırda bekletmeye alındı.
Hazırda Bekleme Zamanı = 2015-09-06T23:57:17.371218100Z
            
ACPI Isı Dilimi = ACPI\ThermalZone\TZ01
            
_HOT = 383K
 
 
Microsoft Office:
=========================
Error: (09/07/2015 06:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AvastSvc.exe10.3.2225.117255b667acRPCRT4.dll6.1.7601.1893355a69dc8c00200430006246069801d0e9620887fabbC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\system32\RPCRT4.dll6f281d84-5576-11e5-b43a-005056c00008
 
Error: (09/07/2015 06:36:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8bac9ab5-15cf-43e9-94e9-33a21ad773a9}
 
Error: (09/07/2015 05:03:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccunknown0.0.0.000000000c0000005072dda67ee401d0e9622ddf815eC:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exeunknown44f9ea8f-5569-11e5-b43a-005056c00008
 
Error: (09/07/2015 05:03:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at ATI.ACE.CLI.Component.Runtime.Runtime.Invoke(Boolean, System.String, Int32, System.String, ATI.ACE.CLI.Foundation.RuntimeInvokeRoutine, System.Object[])
   at ATI.ACE.CLI.Component.Runtime.Runtime.Invoke(System.String, Int32, System.String, ATI.ACE.CLI.Foundation.RuntimeInvokeRoutine, System.Object[])
   at ATI.ACE.CLI.Aspect.PowerXpress.Graphics.Runtime.RT_PowerXpress.InstallScanWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/07/2015 02:39:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c010c760-4d6b-46a5-aba8-4a53eb5e13f8}
 
Error: (09/07/2015 12:21:30 AM) (Source: MsiInstaller) (EventID: 11706) (User: stq-PC)
Description: Ürün: Microsoft Office 2000 Professional -- Hata 1706. Microsoft Office 2000 Professional ürünü için geçerli bir kaynak bulunamadı.  Windows installer devam edemiyor.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/04/2015 11:40:16 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:51 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (09/04/2015 11:39:38 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 2468.36 MB
Available physical RAM: 992.06 MB
Total Virtual: 4935.02 MB
Available Virtual: 3194.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:295.98 GB) (Free:189.58 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51691499)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#6 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:57 PM

Posted 07 September 2015 - 11:47 AM

Please do the following:

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 sarpstacus

  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:57 PM

Posted 07 September 2015 - 11:57 AM

Done as you told Jürgen. Here it is:
19:54:11.0283 0x1054  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
19:54:14.0265 0x1054  ============================================================
19:54:14.0265 0x1054  Current date / time: 2015/09/07 19:54:14.0265
19:54:14.0265 0x1054  SystemInfo:
19:54:14.0265 0x1054  
19:54:14.0265 0x1054  OS Version: 6.1.7601 ServicePack: 1.0
19:54:14.0265 0x1054  Product type: Workstation
19:54:14.0265 0x1054  ComputerName: STQ-PC
19:54:14.0265 0x1054  UserName: stq
19:54:14.0265 0x1054  Windows directory: C:\Windows
19:54:14.0265 0x1054  System windows directory: C:\Windows
19:54:14.0265 0x1054  Processor architecture: Intel x86
19:54:14.0265 0x1054  Number of processors: 4
19:54:14.0265 0x1054  Page size: 0x1000
19:54:14.0265 0x1054  Boot type: Normal boot
19:54:14.0265 0x1054  ============================================================
19:54:16.0314 0x1054  KLMD registered as C:\Windows\system32\drivers\79977401.sys
19:54:16.0548 0x1054  System UUID: {09B6C597-0B2D-9FB0-4AEA-083D454C161D}
19:54:17.0421 0x1054  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:54:17.0421 0x1054  ============================================================
19:54:17.0421 0x1054  \Device\Harddisk0\DR0:
19:54:17.0421 0x1054  MBR partitions:
19:54:17.0421 0x1054  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:54:17.0421 0x1054  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24FF7800
19:54:17.0421 0x1054  \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502A000, BlocksNum 0x400000
19:54:17.0421 0x1054  ============================================================
19:54:17.0452 0x1054  C: <-> \Device\Harddisk0\DR0\Partition2
19:54:17.0499 0x1054  E: <-> \Device\Harddisk0\DR0\Partition3
19:54:17.0499 0x1054  ============================================================
19:54:17.0499 0x1054  Initialize success
19:54:17.0499 0x1054  ============================================================
19:54:50.0619 0x1de4  ============================================================
19:54:50.0619 0x1de4  Scan started
19:54:50.0619 0x1de4  Mode: Manual; SigCheck; TDLFS; 
19:54:50.0619 0x1de4  ============================================================
19:54:50.0619 0x1de4  KSN ping started
19:54:53.0733 0x1de4  KSN ping finished: true
19:54:54.0373 0x1de4  ================ Scan system memory ========================
19:54:54.0373 0x1de4  System memory - ok
19:54:54.0373 0x1de4  ================ Scan services =============================
19:55:07.0812 0x1de4  IPMIDRV - ok
19:55:07.0828 0x1de4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:55:07.0875 0x1de4  IPNAT - ok
19:55:07.0922 0x1de4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:55:07.0948 0x1de4  IRENUM - ok
19:55:07.0977 0x1de4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:55:07.0995 0x1de4  isapnp - ok
19:55:08.0009 0x1de4  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:55:08.0040 0x1de4  iScsiPrt - ok
19:55:08.0072 0x1de4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:55:08.0087 0x1de4  kbdclass - ok
19:55:08.0118 0x1de4  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:55:08.0134 0x1de4  kbdhid - ok
19:55:08.0150 0x1de4  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] KeyIso          C:\Windows\system32\lsass.exe
19:55:08.0165 0x1de4  KeyIso - ok
19:55:08.0196 0x1de4  [ 48732BFA0C692BEC15DBBFE754E594C6, A39DD1181CF51534C18C2ECFE02E961363769482BAF9F206E57B014C5B246921 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:55:08.0228 0x1de4  KSecDD - ok
19:55:08.0243 0x1de4  [ 46B1F590C06AF25BCADCCAE0148C2074, 62447A906E5D7D20B3955A1EF99C971F1E0522A7D68C3D2C88EF174A5A5ECD29 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:55:08.0274 0x1de4  KSecPkg - ok
19:55:08.0306 0x1de4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:55:08.0368 0x1de4  KtmRm - ok
19:55:08.0399 0x1de4  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:55:08.0446 0x1de4  LanmanServer - ok
19:55:08.0477 0x1de4  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:55:08.0524 0x1de4  LanmanWorkstation - ok
19:55:08.0571 0x1de4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:55:08.0618 0x1de4  lltdio - ok
19:55:08.0664 0x1de4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:55:08.0711 0x1de4  lltdsvc - ok
19:55:08.0727 0x1de4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:55:08.0774 0x1de4  lmhosts - ok
19:55:08.0805 0x1de4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:55:08.0820 0x1de4  LSI_FC - ok
19:55:08.0852 0x1de4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:55:08.0867 0x1de4  LSI_SAS - ok
19:55:08.0883 0x1de4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:55:08.0898 0x1de4  LSI_SAS2 - ok
19:55:08.0914 0x1de4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:55:08.0945 0x1de4  LSI_SCSI - ok
19:55:08.0961 0x1de4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:55:09.0008 0x1de4  luafv - ok
19:55:09.0039 0x1de4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:55:09.0070 0x1de4  Mcx2Svc - ok
19:55:09.0086 0x1de4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:55:09.0117 0x1de4  megasas - ok
19:55:09.0148 0x1de4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:55:09.0164 0x1de4  MegaSR - ok
19:55:09.0231 0x1de4  [ 9E0A56C77E9244D2CAAC3811F4B47FCB, 0E70544BBA78DD8E43C5746C064C895A0990373F667A0B6AEA832FBEA2D2B764 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
19:55:09.0247 0x1de4  MEI - ok
19:55:09.0293 0x1de4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
19:55:09.0325 0x1de4  MMCSS - ok
19:55:09.0340 0x1de4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
19:55:09.0387 0x1de4  Modem - ok
19:55:09.0418 0x1de4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:55:09.0449 0x1de4  monitor - ok
19:55:09.0496 0x1de4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:55:09.0512 0x1de4  mouclass - ok
19:55:09.0527 0x1de4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:55:09.0559 0x1de4  mouhid - ok
19:55:09.0574 0x1de4  [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:55:09.0605 0x1de4  mountmgr - ok
19:55:09.0621 0x1de4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:55:09.0637 0x1de4  mpio - ok
19:55:09.0668 0x1de4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:55:09.0715 0x1de4  mpsdrv - ok
19:55:09.0777 0x1de4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:55:09.0839 0x1de4  MpsSvc - ok
19:55:09.0871 0x1de4  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:55:09.0902 0x1de4  MRxDAV - ok
19:55:09.0949 0x1de4  [ FEDAAB6716B44DE8B9EFC14DD9A26215, 765890CDEADF6851C5C9014D12422733D7E7833690F560B94AE2BE9E7E08F130 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:09.0964 0x1de4  mrxsmb - ok
19:55:09.0995 0x1de4  [ 77DD652AB8708CDB55FDB7073B868784, AC88E2BFFE3EC62269216FD1B52DA8D85AFD0AF3E69B7B876F531258977BA372 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:10.0027 0x1de4  mrxsmb10 - ok
19:55:10.0042 0x1de4  [ 4ACDB6414918D8920875B00B286E1FBC, 404F5AC75DFD7C5CEF08A8D2FC24CD806941BF2B16FF7BC3BECBEABCBFA1B64A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:10.0073 0x1de4  mrxsmb20 - ok
19:55:10.0089 0x1de4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:55:10.0105 0x1de4  msahci - ok
19:55:10.0136 0x1de4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:55:10.0167 0x1de4  msdsm - ok
19:55:10.0198 0x1de4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
19:55:10.0229 0x1de4  MSDTC - ok
19:55:10.0261 0x1de4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:55:10.0307 0x1de4  Msfs - ok
19:55:10.0323 0x1de4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:55:10.0354 0x1de4  mshidkmdf - ok
19:55:10.0385 0x1de4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:55:10.0401 0x1de4  msisadrv - ok
19:55:10.0432 0x1de4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:55:10.0479 0x1de4  MSiSCSI - ok
19:55:10.0495 0x1de4  msiserver - ok
19:55:10.0526 0x1de4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:55:10.0573 0x1de4  MSKSSRV - ok
19:55:10.0573 0x1de4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:10.0619 0x1de4  MSPCLOCK - ok
19:55:10.0619 0x1de4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:55:10.0666 0x1de4  MSPQM - ok
19:55:10.0682 0x1de4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:55:10.0713 0x1de4  MsRPC - ok
19:55:10.0744 0x1de4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:55:10.0760 0x1de4  mssmbios - ok
19:55:10.0775 0x1de4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:55:10.0822 0x1de4  MSTEE - ok
19:55:10.0822 0x1de4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:55:10.0853 0x1de4  MTConfig - ok
19:55:10.0869 0x1de4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:55:10.0885 0x1de4  Mup - ok
19:55:10.0916 0x1de4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
19:55:10.0978 0x1de4  napagent - ok
19:55:11.0041 0x1de4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:55:11.0097 0x1de4  NativeWifiP - ok
19:55:11.0164 0x1de4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:55:11.0211 0x1de4  NDIS - ok
19:55:11.0243 0x1de4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:11.0290 0x1de4  NdisCap - ok
19:55:11.0306 0x1de4  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:11.0352 0x1de4  NdisTapi - ok
19:55:11.0368 0x1de4  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:11.0415 0x1de4  Ndisuio - ok
19:55:11.0446 0x1de4  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:11.0493 0x1de4  NdisWan - ok
19:55:11.0524 0x1de4  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:55:11.0571 0x1de4  NDProxy - ok
19:55:11.0602 0x1de4  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:55:11.0649 0x1de4  NetBIOS - ok
19:55:11.0696 0x1de4  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:55:11.0742 0x1de4  NetBT - ok
19:55:11.0742 0x1de4  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] Netlogon        C:\Windows\system32\lsass.exe
19:55:11.0774 0x1de4  Netlogon - ok
19:55:11.0836 0x1de4  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
19:55:11.0898 0x1de4  Netman - ok
19:55:11.0945 0x1de4  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:55:11.0976 0x1de4  NetMsmqActivator - ok
19:55:12.0008 0x1de4  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:55:12.0023 0x1de4  NetPipeActivator - ok
19:55:12.0086 0x1de4  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
19:55:12.0148 0x1de4  netprofm - ok
19:55:12.0257 0x1de4  [ F9DC9001195CB174612B97E18796335A, 0D52DC52786C4A26967801512F4DCFD40E036D32957798B516940E6F032396BA ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
19:55:12.0351 0x1de4  netr28 - ok
19:55:12.0382 0x1de4  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:55:12.0398 0x1de4  NetTcpActivator - ok
19:55:12.0413 0x1de4  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:55:12.0444 0x1de4  NetTcpPortSharing - ok
19:55:12.0491 0x1de4  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:55:12.0522 0x1de4  nfrd960 - ok
19:55:12.0554 0x1de4  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:55:12.0585 0x1de4  NlaSvc - ok
19:55:12.0616 0x1de4  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:55:12.0663 0x1de4  Npfs - ok
19:55:12.0694 0x1de4  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
19:55:12.0741 0x1de4  nsi - ok
19:55:12.0741 0x1de4  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:55:12.0788 0x1de4  nsiproxy - ok
19:55:12.0866 0x1de4  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:55:12.0944 0x1de4  Ntfs - ok
19:55:12.0975 0x1de4  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
19:55:13.0022 0x1de4  Null - ok
19:55:13.0053 0x1de4  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:55:13.0084 0x1de4  nvraid - ok
19:55:13.0100 0x1de4  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:55:13.0131 0x1de4  nvstor - ok
19:55:13.0162 0x1de4  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:55:13.0193 0x1de4  nv_agp - ok
19:55:13.0240 0x1de4  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:55:13.0261 0x1de4  ohci1394 - ok
19:55:13.0307 0x1de4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:55:13.0354 0x1de4  p2pimsvc - ok
19:55:13.0370 0x1de4  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:55:13.0417 0x1de4  p2psvc - ok
19:55:13.0432 0x1de4  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:55:13.0463 0x1de4  Parport - ok
19:55:13.0495 0x1de4  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:55:13.0510 0x1de4  partmgr - ok
19:55:13.0541 0x1de4  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:55:13.0557 0x1de4  Parvdm - ok
19:55:13.0588 0x1de4  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:55:13.0635 0x1de4  PcaSvc - ok
19:55:13.0666 0x1de4  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
19:55:13.0682 0x1de4  pci - ok
19:55:13.0713 0x1de4  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:55:13.0729 0x1de4  pciide - ok
19:55:13.0775 0x1de4  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:55:13.0807 0x1de4  pcmcia - ok
19:55:13.0822 0x1de4  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:55:13.0838 0x1de4  pcw - ok
19:55:13.0885 0x1de4  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:55:13.0931 0x1de4  PEAUTH - ok
19:55:14.0009 0x1de4  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:55:14.0103 0x1de4  PeerDistSvc - ok
19:55:14.0237 0x1de4  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
19:55:14.0341 0x1de4  pla - ok
19:55:14.0372 0x1de4  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:55:14.0435 0x1de4  PlugPlay - ok
19:55:14.0466 0x1de4  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:55:14.0497 0x1de4  PNRPAutoReg - ok
19:55:14.0528 0x1de4  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:55:14.0560 0x1de4  PNRPsvc - ok
19:55:14.0606 0x1de4  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:55:14.0669 0x1de4  PolicyAgent - ok
19:55:14.0716 0x1de4  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
19:55:14.0762 0x1de4  Power - ok
19:55:14.0794 0x1de4  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:55:14.0840 0x1de4  PptpMiniport - ok
19:55:14.0856 0x1de4  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:55:14.0887 0x1de4  Processor - ok
19:55:14.0918 0x1de4  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:55:14.0965 0x1de4  ProfSvc - ok
19:55:14.0981 0x1de4  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] ProtectedStorage C:\Windows\system32\lsass.exe
19:55:15.0012 0x1de4  ProtectedStorage - ok
19:55:15.0043 0x1de4  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:55:15.0090 0x1de4  Psched - ok
19:55:15.0184 0x1de4  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:55:15.0267 0x1de4  ql2300 - ok
19:55:15.0298 0x1de4  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:55:15.0313 0x1de4  ql40xx - ok
19:55:15.0345 0x1de4  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
19:55:15.0376 0x1de4  QWAVE - ok
19:55:15.0391 0x1de4  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:55:15.0423 0x1de4  QWAVEdrv - ok
19:55:15.0438 0x1de4  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:55:15.0485 0x1de4  RasAcd - ok
19:55:15.0516 0x1de4  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:15.0547 0x1de4  RasAgileVpn - ok
19:55:15.0579 0x1de4  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
19:55:15.0625 0x1de4  RasAuto - ok
19:55:15.0672 0x1de4  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:15.0703 0x1de4  Rasl2tp - ok
19:55:15.0766 0x1de4  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
19:55:15.0813 0x1de4  RasMan - ok
19:55:15.0844 0x1de4  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:15.0891 0x1de4  RasPppoe - ok
19:55:15.0906 0x1de4  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:55:15.0937 0x1de4  RasSstp - ok
19:55:15.0984 0x1de4  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:55:16.0047 0x1de4  rdbss - ok
19:55:16.0062 0x1de4  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:16.0078 0x1de4  rdpbus - ok
19:55:16.0109 0x1de4  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:16.0156 0x1de4  RDPCDD - ok
19:55:16.0187 0x1de4  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:55:16.0218 0x1de4  RDPDR - ok
19:55:16.0265 0x1de4  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:55:16.0296 0x1de4  RDPENCDD - ok
19:55:16.0312 0x1de4  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:55:16.0359 0x1de4  RDPREFMP - ok
19:55:16.0437 0x1de4  [ EAC76854C359D2534B25296AE425410D, B813FFD395AC0B969C56FD8B8D04DF6E72C39C8C2E714B03747A20D5723D58DD ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:55:16.0468 0x1de4  RdpVideoMiniport - ok
19:55:16.0515 0x1de4  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:55:16.0608 0x1de4  RDPWD - ok
19:55:16.0717 0x1de4  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:55:16.0749 0x1de4  rdyboost - ok
19:55:16.0780 0x1de4  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:55:16.0827 0x1de4  RemoteAccess - ok
19:55:16.0858 0x1de4  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:55:16.0905 0x1de4  RemoteRegistry - ok
19:55:16.0920 0x1de4  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:55:16.0967 0x1de4  RpcEptMapper - ok
19:55:16.0983 0x1de4  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
19:55:16.0998 0x1de4  RpcLocator - ok
19:55:17.0029 0x1de4  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
19:55:17.0092 0x1de4  RpcSs - ok
19:55:17.0123 0x1de4  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:55:17.0170 0x1de4  rspndr - ok
19:55:17.0201 0x1de4  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:55:17.0248 0x1de4  s3cap - ok
19:55:17.0267 0x1de4  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] SamSs           C:\Windows\system32\lsass.exe
19:55:17.0285 0x1de4  SamSs - ok
19:55:17.0316 0x1de4  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:55:17.0332 0x1de4  sbp2port - ok
19:55:17.0363 0x1de4  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:55:17.0425 0x1de4  SCardSvr - ok
19:55:17.0497 0x1de4  [ F65E9CF4E5C98A43BE71854FD75ED2BF, D56591C0207384CF03AD74DE82A18F3F909BF5B496EE869FEF1C2E0AB4C8FAC6 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
19:55:17.0528 0x1de4  SCDEmu - ok
19:55:17.0544 0x1de4  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:55:17.0591 0x1de4  scfilter - ok
19:55:17.0637 0x1de4  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
19:55:17.0715 0x1de4  Schedule - ok
19:55:17.0731 0x1de4  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:55:17.0778 0x1de4  SCPolicySvc - ok
19:55:17.0825 0x1de4  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:55:17.0871 0x1de4  SDRSVC - ok
19:55:17.0903 0x1de4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:55:17.0949 0x1de4  secdrv - ok
19:55:17.0981 0x1de4  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
19:55:18.0027 0x1de4  seclogon - ok
19:55:18.0043 0x1de4  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
19:55:18.0090 0x1de4  SENS - ok
19:55:18.0090 0x1de4  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:55:18.0137 0x1de4  SensrSvc - ok
19:55:18.0168 0x1de4  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:55:18.0183 0x1de4  Serenum - ok
19:55:18.0215 0x1de4  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:55:18.0230 0x1de4  Serial - ok
19:55:18.0261 0x1de4  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:55:18.0277 0x1de4  sermouse - ok
19:55:18.0324 0x1de4  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:55:18.0371 0x1de4  SessionEnv - ok
19:55:18.0417 0x1de4  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:55:18.0449 0x1de4  sffdisk - ok
19:55:18.0464 0x1de4  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:55:18.0495 0x1de4  sffp_mmc - ok
19:55:18.0542 0x1de4  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:55:18.0573 0x1de4  sffp_sd - ok
19:55:18.0620 0x1de4  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:55:18.0651 0x1de4  sfloppy - ok
19:55:18.0683 0x1de4  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:55:18.0745 0x1de4  SharedAccess - ok
19:55:18.0776 0x1de4  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:55:18.0823 0x1de4  ShellHWDetection - ok
19:55:18.0870 0x1de4  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:55:18.0885 0x1de4  sisagp - ok
19:55:18.0932 0x1de4  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:55:18.0948 0x1de4  SiSRaid2 - ok
19:55:18.0963 0x1de4  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:55:18.0995 0x1de4  SiSRaid4 - ok
19:55:19.0073 0x1de4  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:55:19.0104 0x1de4  SkypeUpdate - ok
19:55:19.0151 0x1de4  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:55:19.0197 0x1de4  Smb - ok
19:55:19.0244 0x1de4  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:55:19.0260 0x1de4  SNMPTRAP - ok
19:55:19.0280 0x1de4  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:55:19.0299 0x1de4  spldr - ok
19:55:19.0330 0x1de4  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
19:55:19.0361 0x1de4  Spooler - ok
19:55:19.0580 0x1de4  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
19:55:19.0751 0x1de4  sppsvc - ok
19:55:19.0845 0x1de4  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:55:19.0876 0x1de4  sppuinotify - ok
19:55:19.0923 0x1de4  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:55:19.0970 0x1de4  srv - ok
19:55:19.0985 0x1de4  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:55:20.0032 0x1de4  srv2 - ok
19:55:20.0063 0x1de4  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:55:20.0079 0x1de4  srvnet - ok
19:55:20.0126 0x1de4  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:55:20.0173 0x1de4  SSDPSRV - ok
19:55:20.0173 0x1de4  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:55:20.0235 0x1de4  SstpSvc - ok
19:55:20.0251 0x1de4  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:55:20.0282 0x1de4  stexstor - ok
19:55:20.0313 0x1de4  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:55:20.0360 0x1de4  StiSvc - ok
19:55:20.0391 0x1de4  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:55:20.0407 0x1de4  storflt - ok
19:55:20.0438 0x1de4  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:55:20.0453 0x1de4  storvsc - ok
19:55:20.0469 0x1de4  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:55:20.0485 0x1de4  swenum - ok
19:55:20.0516 0x1de4  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
19:55:20.0591 0x1de4  swprv - ok
19:55:20.0603 0x1de4  Synth3dVsc - ok
19:55:20.0661 0x1de4  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
19:55:20.0759 0x1de4  SysMain - ok
19:55:20.0790 0x1de4  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
19:55:20.0821 0x1de4  TabletInputService - ok
19:55:20.0852 0x1de4  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:55:20.0868 0x1de4  tap0901 - ok
19:55:20.0899 0x1de4  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:55:20.0962 0x1de4  TapiSrv - ok
19:55:20.0993 0x1de4  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
19:55:21.0040 0x1de4  TBS - ok
19:55:21.0118 0x1de4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:55:21.0196 0x1de4  Tcpip - ok
19:55:21.0289 0x1de4  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:55:21.0353 0x1de4  TCPIP6 - ok
19:55:21.0384 0x1de4  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:55:21.0399 0x1de4  tcpipreg - ok
19:55:21.0431 0x1de4  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:55:21.0462 0x1de4  TDPIPE - ok
19:55:21.0493 0x1de4  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:55:21.0524 0x1de4  TDTCP - ok
19:55:21.0555 0x1de4  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:55:21.0602 0x1de4  tdx - ok
19:55:21.0633 0x1de4  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:55:21.0652 0x1de4  TermDD - ok
19:55:21.0683 0x1de4  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
19:55:21.0746 0x1de4  TermService - ok
19:55:21.0777 0x1de4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
19:55:21.0808 0x1de4  Themes - ok
19:55:21.0826 0x1de4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:55:21.0872 0x1de4  THREADORDER - ok
19:55:21.0904 0x1de4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
19:55:21.0950 0x1de4  TrkWks - ok
19:55:22.0013 0x1de4  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:55:22.0060 0x1de4  TrustedInstaller - ok
19:55:22.0091 0x1de4  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:55:22.0106 0x1de4  tssecsrv - ok
19:55:22.0138 0x1de4  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:55:22.0184 0x1de4  TsUsbFlt - ok
19:55:22.0200 0x1de4  tsusbhub - ok
19:55:22.0247 0x1de4  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:55:22.0294 0x1de4  tunnel - ok
19:55:22.0309 0x1de4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:55:22.0325 0x1de4  uagp35 - ok
19:55:22.0356 0x1de4  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:55:22.0403 0x1de4  udfs - ok
19:55:22.0434 0x1de4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:55:22.0465 0x1de4  UI0Detect - ok
19:55:22.0512 0x1de4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:55:22.0528 0x1de4  uliagpkx - ok
19:55:22.0574 0x1de4  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
19:55:22.0590 0x1de4  umbus - ok
19:55:22.0621 0x1de4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:55:22.0652 0x1de4  UmPass - ok
19:55:22.0699 0x1de4  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:55:22.0730 0x1de4  UmRdpService - ok
19:55:22.0777 0x1de4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
19:55:22.0824 0x1de4  upnphost - ok
19:55:22.0871 0x1de4  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:55:22.0918 0x1de4  usbaudio - ok
19:55:22.0949 0x1de4  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:55:22.0980 0x1de4  usbccgp - ok
19:55:22.0996 0x1de4  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:55:23.0027 0x1de4  usbcir - ok
19:55:23.0058 0x1de4  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:55:23.0074 0x1de4  usbehci - ok
19:55:23.0138 0x1de4  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:55:23.0169 0x1de4  usbhub - ok
19:55:23.0185 0x1de4  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:55:23.0216 0x1de4  usbohci - ok
19:55:23.0263 0x1de4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:55:23.0278 0x1de4  usbprint - ok
19:55:23.0299 0x1de4  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:55:23.0346 0x1de4  USBSTOR - ok
19:55:23.0408 0x1de4  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:55:23.0424 0x1de4  usbuhci - ok
19:55:23.0455 0x1de4  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:55:23.0502 0x1de4  usbvideo - ok
19:55:23.0517 0x1de4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
19:55:23.0564 0x1de4  UxSms - ok
19:55:23.0580 0x1de4  [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] VaultSvc        C:\Windows\system32\lsass.exe
19:55:23.0611 0x1de4  VaultSvc - ok
19:55:23.0611 0x1de4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:55:23.0627 0x1de4  vdrvroot - ok
19:55:23.0673 0x1de4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
19:55:23.0736 0x1de4  vds - ok
19:55:23.0798 0x1de4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:55:23.0814 0x1de4  vga - ok
19:55:23.0845 0x1de4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:55:23.0892 0x1de4  VgaSave - ok
19:55:23.0892 0x1de4  VGPU - ok
19:55:23.0939 0x1de4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:55:23.0954 0x1de4  vhdmp - ok
19:55:24.0001 0x1de4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:55:24.0017 0x1de4  viaagp - ok
19:55:24.0064 0x1de4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:55:24.0079 0x1de4  ViaC7 - ok
19:55:24.0095 0x1de4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:55:24.0110 0x1de4  viaide - ok
19:55:24.0173 0x1de4  [ 2D522A381D85A277B5005A108A16E4FC, 6C7758FE5A55F3E6FFF10FB8B38E609190223903E73F6E5077D96D146C3F9AA6 ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
19:55:24.0188 0x1de4  VMAuthdService - ok
19:55:24.0235 0x1de4  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:55:24.0251 0x1de4  vmbus - ok
19:55:24.0266 0x1de4  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:55:24.0298 0x1de4  VMBusHID - ok
19:55:24.0329 0x1de4  [ D644FFEA14778DDA59BDA8492BCED4B6, 5146A0181AEED5727C729DE451B3F2070FF8DD4A0B32AD6BD3DEB42232B5FAE1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
19:55:24.0344 0x1de4  vmci - ok
19:55:24.0360 0x1de4  [ BB8308E2D22FD9959CFA172968219942, 26DF8EF7346BEF94C598C1ACF9E69FB076D14B4F34926F952FA795828BC71687 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
19:55:24.0391 0x1de4  vmkbd - ok
19:55:24.0422 0x1de4  [ 872DE8E16A2821804D8E4EC76A1E38B4, 346C2EDE1A0AEA3A1B2D4C3066B1AF94FFC00B5D3401E323C0FD46D8D824C563 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
19:55:24.0438 0x1de4  VMnetAdapter - ok
19:55:24.0469 0x1de4  [ 2ECECADD1F5AE56F297B81F2AC464B03, 6EA6EDE53AE420EF750A14045399AAD77D07C80324C0C60E74127E350C7E7090 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
19:55:24.0485 0x1de4  VMnetBridge - ok
19:55:24.0516 0x1de4  [ AB4E68124161EF07A38E4F4E6221AF2C, 935828FC2E42CEE69A66BE0EA2BB92BE37451D02FF530288CD090853595C8E42 ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
19:55:24.0547 0x1de4  VMnetDHCP - ok
19:55:24.0563 0x1de4  [ EF61588FAED07D76055B89E44F59BD2F, C86105661548820AD9D502CFCBB6DD0FF5396DD87EEF9197C376347B403494D6 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
19:55:24.0578 0x1de4  VMnetuserif - ok
19:55:24.0672 0x1de4  [ 21C8747CF038796D59A5B88A4BAAC7B4, 36BF51A2C299A95C62669C2E0152A5F1EC754DC8CCE615EBBF370F3FD6D019DB ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
19:55:24.0719 0x1de4  VMUSBArbService - ok
19:55:24.0766 0x1de4  [ 8145DB09B337E674AD909AAB39F58A42, CFB785A4F0ADB48995C5D289CCD79B624AABE1DD4D05F96901A1149519E6E758 ] VMware NAT Service C:\Windows\system32\vmnat.exe
19:55:24.0797 0x1de4  VMware NAT Service - ok
19:55:24.0844 0x1de4  [ BC63B2A23C0CD294250B4A7BA5CFD050, 56AA1DD5F9EC78DA2D3FC5F64AA18CADCCFB01D0C17EF7A261512619BEF1B229 ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
19:55:24.0859 0x1de4  vmx86 - ok
19:55:24.0875 0x1de4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:55:24.0906 0x1de4  volmgr - ok
19:55:24.0937 0x1de4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:55:24.0968 0x1de4  volmgrx - ok
19:55:25.0000 0x1de4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:55:25.0015 0x1de4  volsnap - ok
19:55:25.0062 0x1de4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:55:25.0078 0x1de4  vsmraid - ok
19:55:25.0109 0x1de4  [ 843081D296F617DDFAE4D70F2564C852, A2F0A31AE740850996E1595E0C21E3365387B049480999ACA8DE2AE5394232E2 ] vsock           C:\Windows\system32\drivers\vsock.sys
19:55:25.0124 0x1de4  vsock - ok
19:55:25.0202 0x1de4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
19:55:25.0296 0x1de4  VSS - ok
19:55:25.0312 0x1de4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:55:25.0344 0x1de4  vwifibus - ok
19:55:25.0344 0x1de4  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:55:25.0375 0x1de4  vwififlt - ok
19:55:25.0391 0x1de4  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:55:25.0406 0x1de4  vwifimp - ok
19:55:25.0437 0x1de4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
19:55:25.0500 0x1de4  W32Time - ok
19:55:25.0531 0x1de4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:55:25.0547 0x1de4  WacomPen - ok
19:55:25.0578 0x1de4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:55:25.0625 0x1de4  WANARP - ok
19:55:25.0625 0x1de4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:55:25.0671 0x1de4  Wanarpv6 - ok
19:55:25.0734 0x1de4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
19:55:25.0827 0x1de4  wbengine - ok
19:55:25.0890 0x1de4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:55:25.0937 0x1de4  WbioSrvc - ok
19:55:25.0968 0x1de4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:55:26.0015 0x1de4  wcncsvc - ok
19:55:26.0046 0x1de4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:55:26.0077 0x1de4  WcsPlugInService - ok
19:55:26.0093 0x1de4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:55:26.0124 0x1de4  Wd - ok
19:55:26.0171 0x1de4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:55:26.0217 0x1de4  Wdf01000 - ok
19:55:26.0249 0x1de4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:55:26.0280 0x1de4  WdiServiceHost - ok
19:55:26.0280 0x1de4  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:55:26.0311 0x1de4  WdiSystemHost - ok
19:55:26.0342 0x1de4  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
19:55:26.0405 0x1de4  WebClient - ok
19:55:26.0436 0x1de4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:55:26.0483 0x1de4  Wecsvc - ok
19:55:26.0498 0x1de4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:55:26.0545 0x1de4  wercplsupport - ok
19:55:26.0576 0x1de4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
19:55:26.0623 0x1de4  WerSvc - ok
19:55:26.0639 0x1de4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:55:26.0685 0x1de4  WfpLwf - ok
19:55:26.0701 0x1de4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:55:26.0732 0x1de4  WIMMount - ok
19:55:26.0826 0x1de4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:55:26.0887 0x1de4  WinDefend - ok
19:55:26.0918 0x1de4  WinHttpAutoProxySvc - ok
19:55:26.0981 0x1de4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:55:27.0029 0x1de4  Winmgmt - ok
19:55:27.0107 0x1de4  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:55:27.0185 0x1de4  WinRM - ok
19:55:27.0248 0x1de4  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:55:27.0279 0x1de4  WinUsb - ok
19:55:27.0331 0x1de4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:55:27.0393 0x1de4  Wlansvc - ok
19:55:27.0440 0x1de4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:55:27.0456 0x1de4  WmiAcpi - ok
19:55:27.0487 0x1de4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:55:27.0518 0x1de4  wmiApSrv - ok
19:55:27.0612 0x1de4  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:55:27.0690 0x1de4  WMPNetworkSvc - ok
19:55:27.0721 0x1de4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:55:27.0752 0x1de4  WPCSvc - ok
19:55:27.0783 0x1de4  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:55:27.0814 0x1de4  WPDBusEnum - ok
19:55:27.0846 0x1de4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:55:27.0892 0x1de4  ws2ifsl - ok
19:55:27.0924 0x1de4  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:55:27.0986 0x1de4  wscsvc - ok
19:55:28.0033 0x1de4  WsDrvInst - ok
19:55:28.0033 0x1de4  WSearch - ok
19:55:28.0251 0x1de4  [ A7A67674E51F2B050AAC4C477297EEE2, FA6DA2AA7869A99AB3D19509D7F2411E5E2C9ADB6D8DB97D7B8FAF1F6E160687 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:55:28.0392 0x1de4  wuauserv - ok
19:55:28.0423 0x1de4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:55:28.0454 0x1de4  WudfPf - ok
19:55:28.0501 0x1de4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:55:28.0532 0x1de4  WUDFRd - ok
19:55:28.0548 0x1de4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:55:28.0579 0x1de4  wudfsvc - ok
19:55:28.0610 0x1de4  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:55:28.0672 0x1de4  WwanSvc - ok
19:55:28.0719 0x1de4  ================ Scan global ===============================
19:55:28.0750 0x1de4  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
19:55:34.0418 0x1de4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2225.1172 ), 0x41000 ( enabled : updated )
19:55:34.0449 0x1de4  Win FW state via NFP2: enabled ( trusted )
19:55:37.0528 0x1de4  ============================================================
19:55:37.0528 0x1de4  Scan finished
19:55:37.0528 0x1de4  ============================================================
19:55:37.0528 0x12f8  Detected object count: 0
19:55:37.0528 0x12f8  Actual detected object count: 0


#8 sarpstacus

  • Topic Starter
  • Members
  • 9 posts

Posted 07 September 2015 - 12:34 PM

I also want to state something pretty important. My computer involves a lot of sensitive data for me. Their deletion, that I can handle. But if they are stolen, it might be a HUGE problem for me. This is why I wanted to learn if it is possible to tell if I'm infected. Right now, to know if I'm infected or not (by some software that can steal stuff from my PC or take screenshots) is almost as important as cleaning them for me. So if it is possible to tell it, or if you're suspected of such a thing based on your review of the logs, I'd really appreciate it a lot if you tell it Jürgen. Danke!



#9 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 07 September 2015 - 12:43 PM

(by some software that can steal stuff from my PC or take screenshots) is almost as important as cleaning them for me. So if it is possible to tell it, or if you're suspected of such a thing based on your review of the logs, I'd really appreciate it a lot if you tell it Jürgen. Danke!

 

Based on the scan results until now,  I don't see an indication that your computer is infected.

 

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [path shown in image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 sarpstacus

  • Topic Starter
  • Members
  • 9 posts

Posted 07 September 2015 - 02:35 PM

Hello Jürgen. I'm still running ESET and it took pretty long. That's why I stopped replying. First of all I want to thank you a lot for your answer. Because not only does my CPU lock up to 100% sometimes, it also gets pretty laggy and leads up to shutting itself down (due to overheating/especially during Skype). I kinda figured overheating might be caused by CPU locking to 100% but I couldn't find a logical reason for it to do so. So first thing to cross my mind was of course being infected. But so far it looks so good. Maybe I should take it to a spec for cleaning the ventilation. I'll post the logs once it is done. Again, thanks for help!



#11 sarpstacus

  • Topic Starter
  • Members
  • 9 posts

Posted 07 September 2015 - 02:39 PM

Here's ESET log:
 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a2e7b8a46ece1d4e89f841a03f01ebef
# end=init
# utc_time=2015-09-07 06:09:18
# local_time=2015-09-07 09:09:18 (+0200, GTB Yaz Saati)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 25646
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a2e7b8a46ece1d4e89f841a03f01ebef
# end=updated
# utc_time=2015-09-07 06:12:19
# local_time=2015-09-07 09:12:19 (+0200, GTB Yaz Saati)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=a2e7b8a46ece1d4e89f841a03f01ebef
# engine=25646
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-07 07:36:27
# local_time=2015-09-07 10:36:27 (+0200, GTB Yaz Saati)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 13541 193285778 0 0
# scanned=132262
# found=5
# cleaned=0
# scan_time=5047
sh=4B4A4011537CCA817795DB11A99C4F9807303D51 ft=1 fh=ae08d5900fc18963 vn="a variant of Win32/HackTool.Crack.CX potentially unsafe application" ac=I fn="C:\Program Files\Sports Interactive\Football Manager 2015\3dm_ceg.dll"
sh=9039B78C2DFEE0CD90AB7F6EF569C929C0431588 ft=1 fh=eec10bb4fb065aca vn="a variant of Win32/Adware.SpeedingUpMyPC.AH application" ac=I fn="C:\Users\remzi\Downloads\DriverDownloader.exe"
sh=9B270BE1FD4C1EDB289D58E91589C7F7647D7B1A ft=1 fh=1d8be44095b89823 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\stq\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe"
sh=9B270BE1FD4C1EDB289D58E91589C7F7647D7B1A ft=1 fh=1d8be44095b89823 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\stq\Downloads\BitTorrent.exe"
sh=FA90DE8E3AE78B73FF3192CA5F0782DC51805141 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CX potentially unsafe application" ac=I fn="C:\Users\stq\Downloads\Football Manager 2015 v15.1.3 _.7z"


#12 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 08 September 2015 - 02:27 AM

Looking good, ESET hasn't found any active malware.

 

 

Maybe I should take it to a spec for cleaning the ventilation.

 

Yes, that's a good idea. I think the issue isn't related to malware.


CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


regards,
deeprybka
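An added example (not part of the original posts): a Python sketch that triages the detection rows of an ESET Online Scanner log like the one in post #11, collapsing duplicate hashes and separating "application" (adware / potentially unsafe) labels from other detection types. Reading `sh` as the file hash and the trailing words of `vn` as the detection type is an assumption; the sample log, its hashes, its paths and the name `Win32/Example.A trojan` are constructed.

```python
import re

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def _row(ch, vn, fn):
    """Build one constructed detection row in the layout of the log above."""
    return f'sh={ch * 40} ft=1 fh={ch.lower() * 16} vn="{vn}" ac=I fn="{fn}"'

# Constructed sample: placeholder hashes and paths, one invented trojan name.
SAMPLE_LOG = "\n".join([
    "# scanned=132262", "# found=4", "# cleaned=0",
    _row("A", "a variant of Win32/HackTool.Crack.CX potentially unsafe application",
         r"C:\Games\crack.dll"),
    _row("B", "a variant of Win32/OpenCandy.C potentially unsafe application",
         r"C:\Users\u\Downloads\setup.exe"),
    _row("B", "a variant of Win32/OpenCandy.C potentially unsafe application",
         r"C:\Users\u\AppData\Roaming\app\updates\setup.exe"),
    _row("C", "Win32/Example.A trojan", r"C:\Users\u\AppData\Local\Temp\x.exe"),
])

def parse_fields(line):
    """Split a log line into its key=value fields, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def triage(log_text):
    """Group detection rows by hash and flag names that are not 'application' labels."""
    header, unique, rows = {}, {}, 0
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if line.startswith("#"):
            header.update(fields)          # later header blocks override earlier ones
        elif "sh" in fields and "vn" in fields:
            rows += 1
            entry = unique.setdefault(fields["sh"], {"name": fields["vn"], "paths": []})
            entry["paths"].append(fields.get("fn", ""))
    for entry in unique.values():
        # Assumption: names ending in "application" are adware/PUA/unsafe-tool labels.
        entry["kind"] = "grayware" if entry["name"].endswith("application") else "malware"
    return {
        "reported": int(header.get("found", -1)),  # count claimed by the "# found=" line
        "rows": rows,                              # detection rows actually present
        "unique": unique,
        "needs_attention": sorted(h for h, e in unique.items() if e["kind"] == "malware"),
    }

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["reported"], result["rows"], result["needs_attention"])
```

A mismatch between `reported` and `rows` indicates that the pasted log was truncated before review.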

#13 sarpstacus

  • Topic Starter
  • Members
  • 9 posts

Posted 08 September 2015 - 06:23 AM

Hello Jürgen! Thanks for your answers a lot. After realizing that my computer gets glitchy when I move it around too quickly, I started to believe the problem is hardware-centered. Probably something with motherboard or memory slots. Gonna get it to a spec as soon as I can. Glad to know it is infection-free since that'd be a BIG problem for me. Dankeschön a lot for your help and have a nice day!



#14 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 08 September 2015 - 11:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



