
Infected by Svchost.exe and trojan


  • This topic is locked
45 replies to this topic

#1 btoasty


Posted 02 December 2015 - 08:49 AM

Hello,

 

So on 28 November I downloaded this program, called extreme-talk. They said it was a VoIP program, but after downloading it my Task Manager stopped working. (When I opened it, it automatically closed after 0.5-1.0 second.) I fixed this by using /taskkill ExtremeTalk_Installer.exe /f /t. So now Task Manager started working again.

 

But I'm afraid it has already found its way into my laptop and I am concerned about a keylogger of some sort tracking everything I do. I found 2 fake svchost.exe processes and terminated them and stopped them from running at boot and start-up (both with Task Manager) and continued to use HitmanPro and AdwCleaner and JRT.exe and such to clean my computer. I thought it was fine, but now I found .crusader in my system. (Its path is Windows/System32/.crusader, it is 9 kB and is dated 28 November, which is why I am concerned.)

 

So my question is whether someone could help me clean my laptop of viruses and trojans, because even though I think it should be fine, I can't be entirely sure and thus need some help from true experts. I also noticed my laptop takes longer to get to the point of logging in, although this could be because I'm running Avast before any Windows file now and am using DeepScreen mode and Aggressive Hardened Mode.

 

Thanks for reading and I hope someone can assist me on this journey :).

 

 

FRST scan log:

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:01-12-2015
Gestart door Gebruiker (Beheerder) op HSUKANG (02-12-2015 15:04:18)
Gestart vanaf C:\Users\Gebruiker\Downloads
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Farbar) C:\Users\Gebruiker\Downloads\FRST64 (2).exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-17] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-29] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\MountPoints2: F - "F:\autorun.exe" 
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-29] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{980B7BF3-F747-411B-83AE-9CB2DA47CA5D}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {08F5DA91-7A56-4A1E-80EE-1909A2C4B38D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2293568898-1098462975-301995803-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-06-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-29] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-07] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-15] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2293568898-1098462975-301995803-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Gebruiker\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-05] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-29]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => niet gevonden
 
Chrome: 
=======
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (OkayFreedom) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-07-13]
CHR Extension: (Adblock Plus) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (AdBlock) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-29] (AVAST Software)
S4 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Bestand niet getekend]
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-05] (altPUG LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Bestand niet getekend]
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-03] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-17] (Realtek Semiconductor)
S4 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [Bestand niet getekend]
S4 Survarium Update Service; C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe [76408 2014-07-09] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-30] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-29] (AVAST Software)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 EagleX64; geen ImagePath
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-16] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-17] (Intel Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-17] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-02-17] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-02-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-03-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-03-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-30] (Microsoft Corporation)
S3 WinRing0_1_2_0; geen ImagePath
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S4 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-02 15:04 - 2015-12-02 15:04 - 00032173 _____ C:\Users\Gebruiker\Downloads\FRST.txt
2015-12-02 15:04 - 2015-12-02 15:04 - 00000000 ____D C:\FRST
2015-12-02 15:03 - 2015-12-02 15:03 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64 (2).exe
2015-12-02 15:01 - 2015-12-02 15:01 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64 (1).exe
2015-12-02 14:59 - 2015-12-02 14:59 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64.exe
2015-12-01 15:33 - 2015-12-02 14:38 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 15:33 - 2015-12-02 14:19 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 14:59 - 2015-12-01 14:59 - 00000123 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-11-29 14:23 - 2015-11-29 14:23 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gebruiker\Downloads\iExplore (1).exe
2015-11-29 14:21 - 2015-11-29 14:21 - 00000000 ____D C:\EEK
2015-11-29 14:16 - 2015-11-29 14:21 - 170275104 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit (1).exe
2015-11-29 14:01 - 2015-11-29 14:03 - 00260772 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_14.01.49_log.txt
2015-11-29 14:01 - 2015-11-29 14:01 - 04376066 _____ C:\Users\Gebruiker\Downloads\tdsskiller.zip
2015-11-29 13:41 - 2015-11-29 13:41 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-29 13:40 - 2015-11-29 13:40 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe
2015-11-29 13:40 - 2015-11-29 13:40 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe_20151129.134022.8760.zip
2015-11-29 13:26 - 2015-12-01 15:09 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2015-11-29 13:23 - 2015-11-29 13:23 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-29 13:23 - 2015-11-29 13:22 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-29 13:23 - 2015-11-29 13:22 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-29 13:23 - 2015-11-29 13:22 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-29 13:23 - 2015-11-29 13:21 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-29 13:22 - 2015-11-29 13:22 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-29 13:21 - 2015-11-29 13:22 - 00606643 _____ C:\Users\Gebruiker\Downloads\Autoruns.zip
2015-11-29 12:52 - 2015-11-29 12:53 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\RegHunter-Installer.exe
2015-11-29 12:46 - 2015-11-29 12:46 - 00000000 _____ C:\autoexec.bat
2015-11-29 12:43 - 2015-11-29 12:43 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\SpyHunter-Installer.exe
2015-11-29 01:19 - 2015-11-29 01:19 - 00991232 _____ C:\Users\Gebruiker\Downloads\MicrosoftFixit50267.msi
2015-11-29 00:13 - 2015-12-01 14:59 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-11-29 00:13 - 2015-11-29 12:42 - 00146981 _____ C:\Windows\ZAM.krnl.trace
2015-11-29 00:12 - 2015-11-29 00:13 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-11-29 00:07 - 2015-11-29 14:35 - 00000000 ____D C:\AdwCleaner
2015-11-29 00:07 - 2015-11-29 00:07 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup.exe
2015-11-29 00:06 - 2015-11-29 00:06 - 01733632 _____ C:\Users\Gebruiker\Downloads\AdwCleaner.exe
2015-11-28 23:38 - 2015-11-29 13:34 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2015-11-28 23:25 - 2015-11-28 23:26 - 11320518 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit.exe
2015-11-28 23:15 - 2015-12-01 14:59 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2015-11-28 23:15 - 2015-11-29 00:13 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Zemana
2015-11-28 23:15 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2015-11-28 23:12 - 2015-11-28 23:13 - 14739888 _____ (Zemana Ltd. ) C:\Users\Gebruiker\Downloads\Zemana_AntiLogger_1.9.3.602.exe
2015-11-28 22:35 - 2015-11-28 22:35 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-28 22:34 - 2015-11-28 22:35 - 23719496 _____ C:\Users\Gebruiker\Downloads\RogueKillerX64.exe
2015-11-28 22:30 - 2015-11-28 22:30 - 00008602 _____ C:\Windows\system32\.crusader
2015-11-28 22:12 - 2015-11-28 22:12 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gebruiker\Downloads\iExplore.exe
2015-11-28 21:43 - 2015-11-28 22:31 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-28 21:42 - 2015-11-28 21:42 - 11337112 _____ (SurfRight B.V.) C:\Users\Gebruiker\Downloads\HitmanPro_x64.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe_20151128.213930.200628.zip
2015-11-28 21:23 - 2015-11-28 21:23 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (2).exe
2015-11-28 21:06 - 2015-11-28 21:06 - 01686759 _____ C:\Users\Gebruiker\Downloads\PSTools.zip
2015-11-28 20:45 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:44 - 2015-11-28 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2E2C72DC.sys
2015-11-28 20:41 - 2015-11-28 20:41 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (1).exe
2015-11-28 20:37 - 2015-11-28 20:37 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install.exe
2015-11-27 19:14 - 2015-11-27 19:14 - 05772872 _____ C:\Users\Gebruiker\Downloads\raidcall-7-3-6-es-en-br-de-win (1).exe
2015-11-27 19:07 - 2015-11-27 19:07 - 00000006 ____S C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
2015-11-27 18:59 - 2015-11-27 18:59 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (5).exe
2015-11-27 18:54 - 2015-11-27 18:54 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (2).exe
2015-11-27 18:50 - 2015-11-27 18:50 - 05772872 _____ C:\Users\Gebruiker\Downloads\raidcall-7-3-6-es-en-br-de-win.exe
2015-11-27 18:46 - 2015-11-27 19:06 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-11-27 18:46 - 2015-11-27 18:59 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\RCTW
2015-11-27 18:46 - 2015-11-27 18:46 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (1).exe
2015-11-27 18:46 - 2015-11-27 18:46 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\RCTW
2015-11-27 18:45 - 2015-11-27 18:45 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8.exe
2015-11-22 20:34 - 2015-11-22 20:35 - 31017664 _____ (TeamSpeak Systems GmbH) C:\Users\Gebruiker\Downloads\TeamSpeak3-Client-win64-3.0.18.2.exe
2015-11-21 18:55 - 2015-11-21 18:55 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\GWX
2015-11-18 20:23 - 2015-11-26 20:36 - 00000000 ____D C:\Users\Gebruiker\Documents\Euro Truck Simulator 2
2015-11-10 16:42 - 2015-11-10 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-05 19:03 - 2015-11-06 15:14 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForGebruiker.job
2015-11-05 19:03 - 2015-11-05 19:03 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGebruiker
2015-11-05 15:04 - 2015-11-05 15:04 - 00150783 _____ C:\Users\Gebruiker\Downloads\uit_je_hoofdleertabellen_havo-vwo.pdf
2015-11-04 22:27 - 2015-11-04 22:27 - 00224216 _____ C:\Users\Gebruiker\Downloads\Orderbevestiging Spoordeelwinkel 10170850.zip
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-02 15:04 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-02 15:01 - 2014-04-23 14:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-02 14:56 - 2014-04-24 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-02 14:40 - 2015-06-07 18:29 - 00001036 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-02 14:23 - 2015-07-29 19:37 - 00000000 ____D C:\Users\Gebruiker\Documents\Registry Backup (CCleaner)
2015-12-02 14:21 - 2014-04-23 13:47 - 00000000 __RDO C:\Users\Gebruiker\SkyDrive
2015-12-02 14:19 - 2015-06-07 18:29 - 00001032 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-01 23:01 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\TS3Client
2015-12-01 20:09 - 2014-04-18 16:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2293568898-1098462975-301995803-1002
2015-12-01 15:33 - 2014-04-23 11:41 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 15:33 - 2014-04-23 11:41 - 00003816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 15:15 - 2014-04-23 13:55 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\uTorrent
2015-12-01 15:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-11-29 14:44 - 2014-01-21 23:26 - 00842236 _____ C:\Windows\system32\perfh013.dat
2015-11-29 14:44 - 2014-01-21 23:26 - 00178516 _____ C:\Windows\system32\perfc013.dat
2015-11-29 14:44 - 2013-08-26 07:09 - 01970564 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-29 14:36 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 14:35 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-29 14:33 - 2014-05-12 18:06 - 00000000 ____D C:\Users\Gebruiker\Desktop\Utilities
2015-11-29 12:45 - 2014-04-18 16:15 - 00000000 ____D C:\Users\Gebruiker
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\IObit
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\ProgramData\IObit
2015-11-28 21:56 - 2014-04-23 14:18 - 00000000 ____D C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware
2015-11-28 20:45 - 2014-04-23 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 18:46 - 2014-07-24 13:25 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\raidcall
2015-11-25 16:35 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 16:33 - 2014-05-25 15:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 15:46 - 2015-10-17 15:16 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\LOOT
2015-11-22 20:36 - 2014-04-23 12:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\TeamSpeak 3 Client
2015-11-18 17:30 - 2014-04-24 18:21 - 00000000 ____D C:\Users\Gebruiker\Desktop\Games
2015-11-18 17:29 - 2014-04-27 19:40 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-12 12:53 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Overwolf
2015-11-10 16:42 - 2015-06-07 18:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-09 21:49 - 2014-04-24 16:12 - 00000000 ____D C:\Users\Gebruiker\Desktop\Game Utilities
2015-11-07 15:55 - 2014-04-23 13:08 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Akamai
 
==================== Bestanden in de root van sommige mappen =======
 
2015-09-08 15:46 - 2015-10-26 19:09 - 0000117 _____ () C:\Users\Gebruiker\AppData\Roaming\D2Info0
2015-09-08 15:46 - 2015-10-26 20:25 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_1
2015-09-08 19:28 - 2015-10-25 20:37 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_2
2015-09-11 21:00 - 2015-10-22 17:19 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_3
2015-09-13 19:09 - 2015-09-13 21:13 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_4
2015-09-19 21:58 - 2015-09-19 21:58 - 0000000 ____H () C:\Users\Gebruiker\AppData\Local\BIT4F2D.tmp
2015-08-14 19:38 - 2015-08-14 19:39 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{A9A747EE-8229-4998-85AA-9C97EE010815}
2015-09-19 21:57 - 2015-09-19 21:57 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{F15A769B-C1CE-47CF-9280-AFA5483CC4FF}
2015-11-27 19:07 - 2015-11-27 19:07 - 0000006 ____S () C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
 
Sommige bestanden in TEMP:
====================
C:\Users\Gebruiker\AppData\Local\Temp\05a45b6182ee976b11c5322202733102.dll
C:\Users\Gebruiker\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Gebruiker\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll
C:\Users\Gebruiker\AppData\Local\Temp\{AC0B411B-5271-4C34-9079-D0EE2322A991}-DropboxClient_3.8.8.exe
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2015-11-22 14:09
 
==================== Eind van FRST.txt ============================



Edited by btoasty, 02 December 2015 - 09:08 AM.




#2 nasdaq

  • Malware Response Team

Posted 03 December 2015 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I thought it was fine, but now I found .crusader in my system. (Its path is Windows/System32/.crusader, it is 9 kB and is dated from 28 november,

This folder is always created when HitmanPro is installed. I see nothing wrong with it.

===

Nothing suspicious was found in your logs. This is just a cleanup.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
S3 WinRing0_1_2_0; geen ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S4 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows\system32\Drivers\ijvugcof.sys:changelist
C:\Users\Gebruiker\AppData\Local\Temp\05a45b6182ee976b11c5322202733102.dll
C:\Users\Gebruiker\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Gebruiker\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll
C:\Users\Gebruiker\AppData\Local\Temp\{AC0B411B-5271-4C34-9079-D0EE2322A991}-DropboxClient_3.8.8.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Do you have any issues with this computer?

#3 btoasty

  • Topic Starter

Posted 03 December 2015 - 10:01 AM

Hello,

 

When doing the FRST fix, it freezes after 30 seconds or so, but it did create a Fixlog.txt file so I think it worked? I closed the program because it was freezing and after waiting 5 minutes it still was frozen. I've also restarted my laptop after closing FRST.

 

I have a slower boot-up time compared to before all this happened, and sometimes programs in my taskbar at my right hand side (programs like OneDrive, HP CoolSense, HP 3D Driveguard, Malware-Bytes Antimalware (!) and Nvidia configuration) close, and what's more interesting is that Avast doesn't close itself.

 

Anyways, here's my fixlog:

 

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:01-12-2015
Gestart door Gebruiker (2015-12-03 15:40:50) Run:1
Gestart vanaf C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  Geen bestand
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [Geen bestand]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
S3 WinRing0_1_2_0; geen ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S4 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows\system32\Drivers\ijvugcof.sys:changelist
C:\Users\Gebruiker\AppData\Local\Temp\05a45b6182ee976b11c5322202733102.dll
C:\Users\Gebruiker\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Gebruiker\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll
C:\Users\Gebruiker\AppData\Local\Temp\{AC0B411B-5271-4C34-9079-D0EE2322A991}-DropboxClient_3.8.8.exe
 
End
*****************
 
Herstelpunt is succesfol gemaakt.
Proces succesvol afgesloten.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => waarde is succesvol verwijderd.
"HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => sleutel is succesvol verwijderd.
"HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}" => sleutel is succesvol verwijderd.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => sleutel is succesvol verwijderd.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => sleutel is succesvol verwijderd.
Kon niet verplaatsen "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Gepland te verplaatsen bij herstart.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => sleutel is succesvol verwijderd.
Kon niet verplaatsen "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Gepland te verplaatsen bij herstart.
WinRing0_1_2_0 => dienst is succesvol verwijderd.
xhunter1 => dienst is succesvol verwijderd.
ZAM => dienst is succesvol verwijderd.
ZAM_Guard => Kon service niet stoppen.
ZAM_Guard => dienst is succesvol verwijderd.
C:\Windows\system32\Drivers\ijvugcof.sys => ":changelist" ADS is succesvol verwijderd..
C:\Users\Gebruiker\AppData\Local\Temp\05a45b6182ee976b11c5322202733102.dll => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u60-windows-au.exe => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u65-windows-au.exe => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll => is succesvol verplaatst.
C:\Users\Gebruiker\AppData\Local\Temp\{AC0B411B-5271-4C34-9079-D0EE2322A991}-DropboxClient_3.8.8.exe => is succesvol verplaatst.

Edited by btoasty, 03 December 2015 - 10:02 AM.
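A check for the question raised in the post above (did the fix complete even though FRST froze?), as an added example that is not part of the original thread and not part of FRST: it classifies each Fixlog result line and lists fixlist entries that have no result line at all. The status phrases are the Dutch ones visible in this thread; the function names and the abridged sample log (with one result line deliberately left out) are constructed for illustration.

```python
import re

# Constructed, abridged sample in the Fixlog layout shown in the post above.
# The result line for jre-8u60-windows-au.exe is deliberately omitted so the
# coverage check has something to report.
SAMPLE_FIXLOG = r"""fixlist inhoud:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

S4 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll
C:\Users\Gebruiker\AppData\Local\Temp\jre-8u60-windows-au.exe

End
*****************

Herstelpunt is succesfol gemaakt.
Proces succesvol afgesloten.
Kon niet verplaatsen "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Gepland te verplaatsen bij herstart.
ZAM => dienst is succesvol verwijderd.
ZAM_Guard => Kon service niet stoppen.
ZAM_Guard => dienst is succesvol verwijderd.
C:\Users\Gebruiker\AppData\Local\Temp\sqlite3.dll => is succesvol verplaatst.
"""

OK, PENDING, FAILED, UNKNOWN = "ok", "pending-reboot", "failed", "unknown"


def split_fixlog(text):
    """Split a Fixlog into (fixlist entries, result lines)."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("start")
    end = lines.index("End", start)
    fixlist = [ln for ln in lines[start + 1:end] if ln]
    # Skip blank lines and the rows of asterisks that frame the fixlist.
    results = [ln for ln in lines[end + 1:] if ln and not set(ln) <= {"*"}]
    return fixlist, results


def classify(line):
    """Map one result line to a status, using phrases seen in this thread."""
    low = line.lower()
    if "bij herstart" in low:                    # scheduled for next restart
        return PENDING
    if re.search(r"\bkon\b.*\bniet\b", low):     # "Kon ... niet ..." = could not
        return FAILED
    if "succesvol" in low or "succesfol" in low:  # second spelling is the tool's own
        return OK
    return UNKNOWN


def target_of(line):
    """Item a result line refers to: the text (or quoted path) left of '=>'."""
    if "=>" not in line:
        return None
    left = line.split("=>", 1)[0].strip()
    quoted = re.search(r'"([^"]+)"', left)
    return quoted.group(1) if quoted else left


def follow_up(results):
    """Targets whose history contains anything other than a clean success."""
    history = {}
    for ln in results:
        history.setdefault(target_of(ln) or ln, []).append(classify(ln))
    return {t: s for t, s in history.items() if any(x != OK for x in s)}


def unanswered(fixlist, results):
    """File and service entries from the fixlist that have no result line.

    Directives (e.g. EmptyTemp:) and registry entries are skipped: their
    result lines name the expanded key or a summary, not the fixlist text.
    """
    seen = {t.lower() for t in map(target_of, results) if t}
    missing = []
    for entry in fixlist:
        service = re.match(r"^[RSU]\d\s+([^;]+);", entry)
        if service:
            key = service.group(1).strip()
        elif re.match(r"^[A-Za-z]:\\", entry):
            key = entry
        else:
            continue
        if key.lower() not in seen:
            missing.append(entry)
    return missing


if __name__ == "__main__":
    fixlist, results = split_fixlog(SAMPLE_FIXLOG)
    for target, statuses in follow_up(results).items():
        print("check after reboot:", target, statuses)
    for entry in unanswered(fixlist, results):
        print("no result logged for:", entry)
```

An entry reported as unanswered means the log stopped before that item was processed or the result was not written, which is the case to rule out when the tool was closed while frozen.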


#4 nasdaq

  • Malware Response Team

Posted 04 December 2015 - 07:46 AM

Looks like Avast is your Antivirus protection.
You also have McAfee running in your logs and this may be causing some issues.

Go to McAfee's removal instructions page.
https://service.mcafee.com/webcenter/portal/cp/home/articleview;jsessionid=mb5tBUhtIyxVrVV8h8izrIVYM_gzxsKOuOee7Gu8pNzPspmtcJvF!-1880433370!467878031?articleId=TS101331&_afrLoop=572022909226974#!%40%40%3F_afrLoop%3D572022909226974%26articleId%3DTS101331%26centerWidth%3D100%25%26leftWidth%3D0%25%26rightWidth%3D0%25%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3D127q6wkzbp_4

Download and run the version of the program that you have previously installed.

===

Run the Farbar tool and post a fresh FRST log for my review.

Let me know what problems persist.

#5 btoasty

  • Topic Starter

Posted 04 December 2015 - 09:30 AM

Hello,

 

I did the steps on the link you gave me. I don't have issues with my laptop, although boot-time is still pretty slow compared to before, don't know if it's a virus or something.

 

FRST.txt:

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:01-12-2015
Gestart door Gebruiker (Beheerder) op HSUKANG (04-12-2015 15:26:28)
Gestart vanaf C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64\FRST64 (2).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64\FRST64 (2).exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-17] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-03] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\MountPoints2: F - "F:\autorun.exe" 
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{980B7BF3-F747-411B-83AE-9CB2DA47CA5D}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {08F5DA91-7A56-4A1E-80EE-1909A2C4B38D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2293568898-1098462975-301995803-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-06-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-29] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-07] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-15] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2293568898-1098462975-301995803-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Gebruiker\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-05] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-03]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (OkayFreedom) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-07-13]
CHR Extension: (Adblock Plus) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (AdBlock) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-24]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-03] (AVAST Software)
S4 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Bestand niet getekend]
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-05] (altPUG LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Bestand niet getekend]
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-03] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-17] (Realtek Semiconductor)
S4 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [Bestand niet getekend]
S4 Survarium Update Service; C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe [76408 2014-07-09] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-30] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-03] (AVAST Software)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 EagleX64; geen ImagePath
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-16] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-17] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-17] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-02-17] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-02-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-03-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-03-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-04 15:12 - 2015-12-04 15:12 - 07480112 _____ (McAfee, Inc.) C:\Users\Gebruiker\Downloads\MCPR.exe
2015-12-03 22:13 - 2015-12-03 22:13 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-03 22:13 - 2015-12-03 22:13 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-03 22:13 - 2015-12-03 22:13 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-03 22:13 - 2015-12-03 22:12 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-03 22:12 - 2015-12-03 22:12 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-03 19:51 - 2015-12-03 22:20 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForGebruiker.job
2015-12-03 19:51 - 2015-12-03 19:51 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGebruiker
2015-12-03 15:03 - 2015-12-03 15:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-02 15:04 - 2015-12-04 15:26 - 00000000 ____D C:\FRST
2015-12-02 15:01 - 2015-12-02 15:01 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64 (1).exe
2015-12-02 14:59 - 2015-12-02 14:59 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64.exe
2015-12-01 15:33 - 2015-12-04 15:20 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 15:33 - 2015-12-03 21:38 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 14:59 - 2015-12-01 14:59 - 00000123 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-11-29 14:23 - 2015-11-29 14:23 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gebruiker\Downloads\iExplore (1).exe
2015-11-29 14:21 - 2015-11-29 14:21 - 00000000 ____D C:\EEK
2015-11-29 14:16 - 2015-11-29 14:21 - 170275104 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit (1).exe
2015-11-29 14:01 - 2015-11-29 14:03 - 00260772 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_14.01.49_log.txt
2015-11-29 14:01 - 2015-11-29 14:01 - 04376066 _____ C:\Users\Gebruiker\Downloads\tdsskiller.zip
2015-11-29 13:41 - 2015-11-29 13:41 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-29 13:40 - 2015-11-29 13:40 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe
2015-11-29 13:40 - 2015-11-29 13:40 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe_20151129.134022.8760.zip
2015-11-29 13:26 - 2015-12-03 15:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2015-11-29 13:21 - 2015-11-29 13:22 - 00606643 _____ C:\Users\Gebruiker\Downloads\Autoruns.zip
2015-11-29 12:52 - 2015-11-29 12:53 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\RegHunter-Installer.exe
2015-11-29 12:46 - 2015-11-29 12:46 - 00000000 _____ C:\autoexec.bat
2015-11-29 12:43 - 2015-11-29 12:43 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\SpyHunter-Installer.exe
2015-11-29 01:19 - 2015-11-29 01:19 - 00991232 _____ C:\Users\Gebruiker\Downloads\MicrosoftFixit50267.msi
2015-11-29 00:13 - 2015-12-03 15:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-11-29 00:13 - 2015-11-29 12:42 - 00146981 _____ C:\Windows\ZAM.krnl.trace
2015-11-29 00:12 - 2015-11-29 00:13 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-11-29 00:07 - 2015-11-29 14:35 - 00000000 ____D C:\AdwCleaner
2015-11-29 00:07 - 2015-11-29 00:07 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup.exe
2015-11-29 00:06 - 2015-11-29 00:06 - 01733632 _____ C:\Users\Gebruiker\Downloads\AdwCleaner.exe
2015-11-28 23:38 - 2015-11-29 13:34 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2015-11-28 23:25 - 2015-11-28 23:26 - 11320518 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit.exe
2015-11-28 23:15 - 2015-12-01 14:59 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2015-11-28 23:15 - 2015-11-29 00:13 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Zemana
2015-11-28 23:15 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2015-11-28 23:12 - 2015-11-28 23:13 - 14739888 _____ (Zemana Ltd. ) C:\Users\Gebruiker\Downloads\Zemana_AntiLogger_1.9.3.602.exe
2015-11-28 22:35 - 2015-11-28 22:35 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-28 22:34 - 2015-11-28 22:35 - 23719496 _____ C:\Users\Gebruiker\Downloads\RogueKillerX64.exe
2015-11-28 22:30 - 2015-11-28 22:30 - 00008602 _____ C:\Windows\system32\.crusader
2015-11-28 22:12 - 2015-11-28 22:12 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gebruiker\Downloads\iExplore.exe
2015-11-28 21:43 - 2015-11-28 22:31 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-28 21:42 - 2015-11-28 21:42 - 11337112 _____ (SurfRight B.V.) C:\Users\Gebruiker\Downloads\HitmanPro_x64.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe_20151128.213930.200628.zip
2015-11-28 21:23 - 2015-11-28 21:23 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (2).exe
2015-11-28 21:06 - 2015-11-28 21:06 - 01686759 _____ C:\Users\Gebruiker\Downloads\PSTools.zip
2015-11-28 20:45 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:44 - 2015-11-28 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2E2C72DC.sys
2015-11-28 20:41 - 2015-11-28 20:41 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install (1).exe
2015-11-28 20:37 - 2015-11-28 20:37 - 01211904 _____ (Mozilla Corporation) C:\Users\Gebruiker\Downloads\ExtremeTalk_Install.exe
2015-11-27 19:14 - 2015-11-27 19:14 - 05772872 _____ C:\Users\Gebruiker\Downloads\raidcall-7-3-6-es-en-br-de-win (1).exe
2015-11-27 19:07 - 2015-11-27 19:07 - 00000006 ____S C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
2015-11-27 18:59 - 2015-11-27 18:59 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (5).exe
2015-11-27 18:54 - 2015-11-27 18:54 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (2).exe
2015-11-27 18:50 - 2015-11-27 18:50 - 05772872 _____ C:\Users\Gebruiker\Downloads\raidcall-7-3-6-es-en-br-de-win.exe
2015-11-27 18:46 - 2015-11-27 19:06 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-11-27 18:46 - 2015-11-27 18:59 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\RCTW
2015-11-27 18:46 - 2015-11-27 18:46 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8 (1).exe
2015-11-27 18:46 - 2015-11-27 18:46 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\RCTW
2015-11-27 18:45 - 2015-11-27 18:45 - 06046176 _____ C:\Users\Gebruiker\Downloads\raidcall_v8.1.8.exe
2015-11-22 20:34 - 2015-11-22 20:35 - 31017664 _____ (TeamSpeak Systems GmbH) C:\Users\Gebruiker\Downloads\TeamSpeak3-Client-win64-3.0.18.2.exe
2015-11-21 18:55 - 2015-11-21 18:55 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\GWX
2015-11-18 20:23 - 2015-11-26 20:36 - 00000000 ____D C:\Users\Gebruiker\Documents\Euro Truck Simulator 2
2015-11-10 16:42 - 2015-11-10 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-05 15:04 - 2015-11-05 15:04 - 00150783 _____ C:\Users\Gebruiker\Downloads\uit_je_hoofdleertabellen_havo-vwo.pdf
2015-11-04 22:27 - 2015-11-04 22:27 - 00224216 _____ C:\Users\Gebruiker\Downloads\Orderbevestiging Spoordeelwinkel 10170850.zip
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-04 15:26 - 2014-01-21 23:26 - 00842236 _____ C:\Windows\system32\perfh013.dat
2015-12-04 15:26 - 2014-01-21 23:26 - 00178516 _____ C:\Windows\system32\perfc013.dat
2015-12-04 15:26 - 2013-08-26 07:09 - 01970564 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 15:20 - 2015-06-07 18:29 - 00001032 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-04 15:20 - 2014-04-23 14:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 15:20 - 2014-04-23 13:47 - 00000000 ___DO C:\Users\Gebruiker\SkyDrive
2015-12-04 15:19 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 15:18 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-04 15:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-04 15:15 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-03 22:14 - 2014-04-24 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-03 22:13 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-03 22:09 - 2014-04-18 16:16 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Packages
2015-12-03 21:40 - 2015-06-07 18:29 - 00001036 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-03 21:01 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\TS3Client
2015-12-03 20:14 - 2014-04-18 16:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2293568898-1098462975-301995803-1002
2015-12-02 15:07 - 2014-05-12 18:06 - 00000000 ____D C:\Users\Gebruiker\Desktop\Utilities
2015-12-02 14:23 - 2015-07-29 19:37 - 00000000 ____D C:\Users\Gebruiker\Documents\Registry Backup (CCleaner)
2015-12-01 15:33 - 2014-04-23 11:41 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 15:33 - 2014-04-23 11:41 - 00003816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 15:15 - 2014-04-23 13:55 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\uTorrent
2015-11-29 12:45 - 2014-04-18 16:15 - 00000000 ____D C:\Users\Gebruiker
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\IObit
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\ProgramData\IObit
2015-11-28 21:56 - 2014-04-23 14:18 - 00000000 ____D C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware
2015-11-28 20:45 - 2014-04-23 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 18:46 - 2014-07-24 13:25 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\raidcall
2015-11-25 16:35 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 16:33 - 2014-05-25 15:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 15:46 - 2015-10-17 15:16 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\LOOT
2015-11-22 20:36 - 2014-04-23 12:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\TeamSpeak 3 Client
2015-11-18 17:30 - 2014-04-24 18:21 - 00000000 ____D C:\Users\Gebruiker\Desktop\Games
2015-11-18 17:29 - 2014-04-27 19:40 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-12 12:53 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Overwolf
2015-11-10 16:42 - 2015-06-07 18:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-09 21:49 - 2014-04-24 16:12 - 00000000 ____D C:\Users\Gebruiker\Desktop\Game Utilities
2015-11-07 15:55 - 2014-04-23 13:08 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Akamai
 
==================== Bestanden in de root van sommige mappen =======
 
2015-09-08 15:46 - 2015-10-26 19:09 - 0000117 _____ () C:\Users\Gebruiker\AppData\Roaming\D2Info0
2015-09-08 15:46 - 2015-10-26 20:25 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_1
2015-09-08 19:28 - 2015-10-25 20:37 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_2
2015-09-11 21:00 - 2015-10-22 17:19 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_3
2015-09-13 19:09 - 2015-09-13 21:13 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_4
2015-09-19 21:58 - 2015-09-19 21:58 - 0000000 ____H () C:\Users\Gebruiker\AppData\Local\BIT4F2D.tmp
2015-08-14 19:38 - 2015-08-14 19:39 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{A9A747EE-8229-4998-85AA-9C97EE010815}
2015-09-19 21:57 - 2015-09-19 21:57 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{F15A769B-C1CE-47CF-9280-AFA5483CC4FF}
2015-11-27 19:07 - 2015-11-27 19:07 - 0000006 ____S () C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2015-12-03 20:14
 
==================== Eind van FRST.txt ============================




#6 nasdaq


  • Malware Response Team
  • 38,922 posts

Posted 04 December 2015 - 10:01 AM

Nothing suspicious was found on your logs.

This however should be looked at.
You have many old versions of Java which may not be as secure as the latest version.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java x Update xx
===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#7 btoasty

  • Topic Starter

  • Members
  • 23 posts

Posted 04 December 2015 - 11:18 AM

Hello,

 

I have deleted 4 old versions of Java and installed the latest one from the link you gave me. I've attached the zipped file you asked for as well.

I ran TDSSKiller.exe and this is my logfile (it didn't need a reboot):

 

16:28:10.0204 0x0458  TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
16:28:10.0204 0x0458  UEFI system
16:28:14.0053 0x0458  ============================================================
16:28:14.0053 0x0458  Current date / time: 2015/12/04 16:28:14.0053
16:28:14.0053 0x0458  SystemInfo:
16:28:14.0053 0x0458  
16:28:14.0053 0x0458  OS Version: 6.3.9600 ServicePack: 0.0
16:28:14.0053 0x0458  Product type: Workstation
16:28:14.0053 0x0458  ComputerName: HSUKANG
16:28:14.0053 0x0458  UserName: Gebruiker
16:28:14.0053 0x0458  Windows directory: C:\Windows
16:28:14.0053 0x0458  System windows directory: C:\Windows
16:28:14.0053 0x0458  Running under WOW64
16:28:14.0053 0x0458  Processor architecture: Intel x64
16:28:14.0053 0x0458  Number of processors: 4
16:28:14.0053 0x0458  Page size: 0x1000
16:28:14.0053 0x0458  Boot type: Normal boot
16:28:14.0053 0x0458  ============================================================
16:28:14.0241 0x0458  KLMD registered as C:\Windows\system32\drivers\93896272.sys
16:28:14.0773 0x0458  System UUID: {ABE314CE-F588-D6FF-16F5-FCF5657D1FBD}
16:28:15.0507 0x0458  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:15.0507 0x0458  ============================================================
16:28:15.0507 0x0458  \Device\Harddisk0\DR0:
16:28:15.0507 0x0458  GPT partitions:
16:28:15.0523 0x0458  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0F802922-A25D-4F61-96ED-0C08EA6DDFDA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
16:28:15.0523 0x0458  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {51236579-C66E-4898-96E9-2C679398EB10}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
16:28:15.0523 0x0458  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F33602AF-CC42-4DD6-B9D9-05C27D0A2F79}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
16:28:15.0523 0x0458  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {21DA34C5-64F3-414E-A0D0-F6CCA7459B0B}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x7261E800
16:28:15.0523 0x0458  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {548D8961-B10F-441A-BD02-93300DEE624D}, Name: Basic data partition, StartLBA 0x727A9000, BlocksNum 0x1F5B000
16:28:15.0523 0x0458  MBR partitions:
16:28:15.0523 0x0458  ============================================================
16:28:15.0539 0x0458  C: <-> \Device\Harddisk0\DR0\Partition4
16:28:15.0570 0x0458  D: <-> \Device\Harddisk0\DR0\Partition5
16:28:15.0570 0x0458  ============================================================
16:28:15.0570 0x0458  Initialize success
16:28:15.0570 0x0458  ============================================================
16:28:17.0567 0x00c4  ============================================================
16:28:17.0567 0x00c4  Scan started
16:28:17.0567 0x00c4  Mode: Manual; 
16:28:17.0567 0x00c4  ============================================================
16:28:17.0567 0x00c4  KSN ping started
16:28:24.0476 0x00c4  KSN ping finished: true
16:28:26.0156 0x00c4  ================ Scan system memory ========================
16:28:26.0156 0x00c4  System memory - ok
16:28:26.0156 0x00c4  ================ Scan services =============================
16:28:28.0140 0x00c4  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:28:28.0156 0x00c4  1394ohci - ok
16:28:28.0172 0x00c4  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
16:28:28.0172 0x00c4  3ware - ok
16:28:28.0187 0x00c4  [ F39180029723D7779C80360F9E255709, F4831FEE79AAF4DB66BF58D3F89B8A6DD8F38CD546B3C653BFF7052DDA112CC6 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
16:28:28.0187 0x00c4  Accelerometer - ok
16:28:28.0218 0x00c4  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:28:28.0234 0x00c4  ACPI - ok
16:28:28.0234 0x00c4  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:28:28.0234 0x00c4  acpiex - ok
16:28:28.0234 0x00c4  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:28:28.0234 0x00c4  acpipagr - ok
16:28:28.0250 0x00c4  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
16:28:28.0250 0x00c4  AcpiPmi - ok
16:28:28.0250 0x00c4  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:28:28.0250 0x00c4  acpitime - ok
16:28:28.0312 0x00c4  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:28:28.0312 0x00c4  AdobeARMservice - ok
16:28:30.0222 0x00c4  [ B8F7DF2DD3AA8A5AA865162F011636AD, 733AC203ABEEC3295E2CB5FC623260406EA1CF8A4DD317C637F014C9D6612DEB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:28:30.0237 0x00c4  AdobeFlashPlayerUpdateSvc - ok
16:28:30.0253 0x00c4  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
16:28:30.0268 0x00c4  ADP80XX - ok
16:28:30.0284 0x00c4  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:28:30.0284 0x00c4  AeLookupSvc - ok
16:28:30.0315 0x00c4  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
16:28:30.0315 0x00c4  AFD - ok
16:28:30.0331 0x00c4  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:28:30.0331 0x00c4  agp440 - ok
16:28:30.0347 0x00c4  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
16:28:30.0347 0x00c4  ahcache - ok
16:28:30.0362 0x00c4  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
16:28:30.0362 0x00c4  ALG - ok
16:28:30.0362 0x00c4  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
16:28:30.0362 0x00c4  AmdK8 - ok
16:28:30.0378 0x00c4  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:28:30.0378 0x00c4  AmdPPM - ok
16:28:30.0378 0x00c4  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:28:30.0378 0x00c4  amdsata - ok
16:28:30.0409 0x00c4  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:28:30.0409 0x00c4  amdsbs - ok
16:28:30.0409 0x00c4  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:28:30.0425 0x00c4  amdxata - ok
16:28:30.0440 0x00c4  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
16:28:30.0440 0x00c4  AppHostSvc - ok
16:28:30.0456 0x00c4  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\Windows\system32\drivers\appid.sys
16:28:30.0456 0x00c4  AppID - ok
16:28:30.0456 0x00c4  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:28:30.0456 0x00c4  AppIDSvc - ok
16:28:30.0487 0x00c4  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\Windows\System32\appinfo.dll
16:28:30.0487 0x00c4  Appinfo - ok
16:28:30.0518 0x00c4  [ 6EB87FDB59AABF6D19C927492DEA0D36, 36168F8CC75D16917A30FA1FACF57659BC2ADF870D20DEE93F851D5348E605BB ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:28:30.0518 0x00c4  Apple Mobile Device Service - ok
16:28:30.0534 0x00c4  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
16:28:30.0550 0x00c4  AppReadiness - ok
16:28:30.0612 0x00c4  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
16:28:30.0643 0x00c4  AppXSvc - ok
16:28:30.0659 0x00c4  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:28:30.0659 0x00c4  arcsas - ok
16:28:30.0847 0x00c4  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:28:30.0862 0x00c4  aspnet_state - ok
16:28:30.0878 0x00c4  [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
16:28:30.0878 0x00c4  aswHwid - ok
16:28:30.0893 0x00c4  [ 82065730918234A15A3A7AD6153FF8F2, 8426FF72512F7C7456E9A648100BFD35AC43FA8C01F98493B036F78F13C1F2C8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:28:30.0893 0x00c4  aswMonFlt - ok
16:28:30.0925 0x00c4  [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
16:28:30.0925 0x00c4  aswRdr - ok
16:28:30.0972 0x00c4  [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
16:28:30.0972 0x00c4  aswRvrt - ok
16:28:31.0034 0x00c4  [ A428CC308673A5E74F91D92E4A2B205D, 0A768AA4BD1CD22B5181EDA692F7CB9A43F627BB4FFEEFBB8CBC77A45107A443 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:28:31.0050 0x00c4  aswSnx - ok
16:28:31.0081 0x00c4  [ 5C0C4440A27074BBABC5D572DD29CA9B, 9545498B55994D427DB71F67B28C24804FECFE6BF225B24B067A7F0658429EDF ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:28:31.0081 0x00c4  aswSP - ok
16:28:31.0097 0x00c4  [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
16:28:31.0112 0x00c4  aswStm - ok
16:28:31.0112 0x00c4  [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
16:28:31.0128 0x00c4  aswVmm - ok
16:28:31.0128 0x00c4  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:31.0128 0x00c4  AsyncMac - ok
16:28:31.0128 0x00c4  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:28:31.0128 0x00c4  atapi - ok
16:28:31.0159 0x00c4  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:28:31.0159 0x00c4  AudioEndpointBuilder - ok
16:28:31.0206 0x00c4  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:28:31.0222 0x00c4  Audiosrv - ok
16:28:31.0362 0x00c4  [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:28:31.0378 0x00c4  avast! Antivirus - ok
16:28:31.0393 0x00c4  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:28:31.0393 0x00c4  AxInstSV - ok
16:28:31.0425 0x00c4  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:28:31.0440 0x00c4  b06bdrv - ok
16:28:31.0440 0x00c4  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:28:31.0440 0x00c4  BasicDisplay - ok
16:28:31.0456 0x00c4  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
16:28:31.0456 0x00c4  BasicRender - ok
16:28:31.0472 0x00c4  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
16:28:31.0472 0x00c4  bcmfn2 - ok
16:28:31.0487 0x00c4  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:28:31.0487 0x00c4  BDESVC - ok
16:28:31.0487 0x00c4  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
16:28:31.0487 0x00c4  Beep - ok
16:28:31.0518 0x00c4  [ 22A5582ACF0CEE97268D7868C69F35CE, 78A44C10966FE467D3FCC76BE37647AE2CC2BCA9DE5715AD9E643162B23C3A19 ] BFE             C:\Windows\System32\bfe.dll
16:28:31.0534 0x00c4  BFE - ok
16:28:31.0565 0x00c4  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
16:28:31.0581 0x00c4  BITS - ok
16:28:31.0628 0x00c4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:28:31.0628 0x00c4  Bonjour Service - ok
16:28:31.0628 0x00c4  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:28:31.0628 0x00c4  bowser - ok
16:28:31.0659 0x00c4  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:28:31.0659 0x00c4  BrokerInfrastructure - ok
16:28:31.0675 0x00c4  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\Windows\System32\browser.dll
16:28:31.0690 0x00c4  Browser - ok
16:28:31.0690 0x00c4  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:28:31.0690 0x00c4  BthAvrcpTg - ok
16:28:31.0706 0x00c4  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
16:28:31.0706 0x00c4  BthEnum - ok
16:28:31.0722 0x00c4  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
16:28:31.0722 0x00c4  BthHFEnum - ok
16:28:31.0722 0x00c4  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:28:31.0722 0x00c4  bthhfhid - ok
16:28:31.0737 0x00c4  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
16:28:31.0737 0x00c4  BthHFSrv - ok
16:28:31.0753 0x00c4  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
16:28:31.0753 0x00c4  BthLEEnum - ok
16:28:31.0768 0x00c4  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:28:31.0768 0x00c4  BTHMODEM - ok
16:28:31.0768 0x00c4  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\System32\drivers\bthpan.sys
16:28:31.0768 0x00c4  BthPan - ok
16:28:31.0825 0x00c4  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:28:31.0840 0x00c4  BTHPORT - ok
16:28:31.0856 0x00c4  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\Windows\system32\bthserv.dll
16:28:31.0856 0x00c4  bthserv - ok
16:28:31.0872 0x00c4  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:28:31.0872 0x00c4  BTHUSB - ok
16:28:31.0934 0x00c4  [ DEE40211AA700A0A9D7F95EC38DE0714, F3926D92D940311D7E1E7E656116B1B48C4D6B3AFC35017658C4EC3D0A33EF40 ] Cachedrv server C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
16:28:31.0950 0x00c4  Cachedrv server - ok
16:28:31.0965 0x00c4  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:28:31.0965 0x00c4  cdfs - ok
16:28:31.0981 0x00c4  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
16:28:31.0981 0x00c4  cdrom - ok
16:28:32.0044 0x00c4  [ 93DD64509CCB5637691AD0551E8801A2, B133B3399C2455A33D64E2AC2D221CB63F7AEC4EA45BE76A770A73707C933F4E ] celavimushost   C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe
16:28:32.0059 0x00c4  celavimushost - ok
16:28:32.0075 0x00c4  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:28:32.0075 0x00c4  CertPropSvc - ok
16:28:32.0075 0x00c4  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
16:28:32.0090 0x00c4  circlass - ok
16:28:32.0106 0x00c4  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:28:32.0106 0x00c4  CLFS - ok
16:28:32.0200 0x00c4  [ 92547C9A6C5E9A3BEC689486C4885C4B, AB56F0BB2CBAB9AA6EA2E12F04F192271762DEBD7F6FBFB8CFAB6BA23121C295 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
16:28:32.0247 0x00c4  ClickToRunSvc - ok
16:28:32.0262 0x00c4  [ 3E76A1547F2448BCEE3D2F4AE3931AB5, 31B41723FAA4210A86B1AE02D6C052BD8B738C4B89FB0177C1AE997D24BA5B8C ] CLVirtualDrive  C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
16:28:32.0262 0x00c4  CLVirtualDrive - ok
16:28:32.0278 0x00c4  [ 39F71BF21E7F8EBE9B4810BC95EE26D6, 6134013F918D41A1AA8C814217A272F2C428FA3FE97DB66501FA50A488B0C991 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
16:28:32.0278 0x00c4  clwvd - ok
16:28:32.0293 0x00c4  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:28:32.0293 0x00c4  CmBatt - ok
16:28:32.0309 0x00c4  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:28:32.0309 0x00c4  CNG - ok
16:28:32.0325 0x00c4  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:28:32.0325 0x00c4  CompositeBus - ok
16:28:32.0325 0x00c4  COMSysApp - ok
16:28:32.0340 0x00c4  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
16:28:41.0004 0x00c4  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:28:41.0004 0x00c4  MSTEE - ok
16:28:41.0020 0x00c4  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:28:41.0020 0x00c4  MTConfig - ok
16:28:41.0036 0x00c4  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
16:28:41.0036 0x00c4  Mup - ok
16:28:41.0036 0x00c4  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:28:41.0036 0x00c4  mvumis - ok
16:28:41.0073 0x00c4  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\Windows\system32\qagentRT.dll
16:28:41.0082 0x00c4  napagent - ok
16:28:41.0113 0x00c4  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:28:41.0120 0x00c4  NativeWifiP - ok
16:28:41.0141 0x00c4  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:28:41.0147 0x00c4  NcaSvc - ok
16:28:41.0157 0x00c4  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\Windows\System32\ncbservice.dll
16:28:41.0164 0x00c4  NcbService - ok
16:28:41.0172 0x00c4  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:28:41.0176 0x00c4  NcdAutoSetup - ok
16:28:41.0206 0x00c4  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:28:41.0221 0x00c4  NDIS - ok
16:28:41.0237 0x00c4  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:41.0241 0x00c4  NdisCap - ok
16:28:41.0257 0x00c4  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:28:41.0257 0x00c4  NdisImPlatform - ok
16:28:41.0272 0x00c4  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:41.0272 0x00c4  NdisTapi - ok
16:28:41.0288 0x00c4  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:41.0288 0x00c4  Ndisuio - ok
16:28:41.0303 0x00c4  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
16:28:41.0303 0x00c4  NdisVirtualBus - ok
16:28:41.0319 0x00c4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:41.0319 0x00c4  NdisWan - ok
16:28:41.0335 0x00c4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:41.0335 0x00c4  NdisWanLegacy - ok
16:28:41.0335 0x00c4  [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:28:41.0350 0x00c4  NDProxy - ok
16:28:41.0350 0x00c4  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
16:28:41.0350 0x00c4  Ndu - ok
16:28:41.0366 0x00c4  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:28:41.0366 0x00c4  NetBIOS - ok
16:28:41.0382 0x00c4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:28:41.0382 0x00c4  NetBT - ok
16:28:41.0382 0x00c4  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\Windows\system32\lsass.exe
16:28:41.0382 0x00c4  Netlogon - ok
16:28:41.0406 0x00c4  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\Windows\System32\netman.dll
16:28:41.0406 0x00c4  Netman - ok
16:28:41.0444 0x00c4  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:28:41.0456 0x00c4  netprofm - ok
16:28:41.0550 0x00c4  [ AFBE360851F0269F384D872319F09FE3, 637CB1412B9B283F9B976CF77F6ED5AD75574968CAB5588D170E73A12EB00BD3 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
16:28:41.0585 0x00c4  netr28x - ok
16:28:41.0790 0x00c4  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:41.0843 0x00c4  NetTcpPortSharing - ok
16:28:41.0857 0x00c4  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
16:28:41.0864 0x00c4  netvsc - ok
16:28:41.0883 0x00c4  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:28:41.0891 0x00c4  NlaSvc - ok
16:28:41.0914 0x00c4  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
16:28:41.0916 0x00c4  NPF - ok
16:28:41.0932 0x00c4  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:28:41.0934 0x00c4  Npfs - ok
16:28:41.0938 0x00c4  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
16:28:41.0940 0x00c4  npsvctrig - ok
16:28:41.0949 0x00c4  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\Windows\system32\nsisvc.dll
16:28:41.0952 0x00c4  nsi - ok
16:28:41.0958 0x00c4  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:28:41.0959 0x00c4  nsiproxy - ok
16:28:42.0032 0x00c4  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:28:42.0076 0x00c4  Ntfs - ok
16:28:42.0084 0x00c4  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
16:28:42.0085 0x00c4  Null - ok
16:28:42.0389 0x00c4  [ 45F83C99EDF3253D047F692A42C1A51A, 08EC3CE5F00C9B70F52577FAD0561A8ECCD6C04F96468DBA67B4D4C82C77FA6D ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:28:42.0589 0x00c4  nvlddmkm - ok
16:28:42.0699 0x00c4  [ C2909BD26906E1D05D77B1D48B48E94A, 5642571FFDBDC63F0E3B1477337103517ABF7C50EBEDA63EF8E162E44C7B2538 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:28:42.0730 0x00c4  NvNetworkService - ok
16:28:42.0746 0x00c4  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:28:42.0746 0x00c4  nvraid - ok
16:28:42.0761 0x00c4  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:28:42.0761 0x00c4  nvstor - ok
16:28:42.0840 0x00c4  [ 60C9EC53F9CFBFBE38E9C79B88A6B19F, D89D6C62AB0A3224D850B639E4D7D7265BF183BEE0C60F27FEDDF0194504B078 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:28:42.0840 0x00c4  NvStreamKms - ok
16:28:43.0059 0x00c4  [ 5A773713C332F8760ABB915C24675E8F, DA453D341529B34188D5B235B17BD0FDAE84129539FC212F34B9FCC42DC0549C ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
16:28:43.0136 0x00c4  NvStreamSvc - ok
16:28:43.0167 0x00c4  [ 92C7B8287C185022F12253026FA33401, 96E466D17347DB3E789DD6DBF3604E51D4B86D3E49592B0EF6622BD278369F6C ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:28:43.0183 0x00c4  nvsvc - ok
16:28:43.0214 0x00c4  [ 35DFC12FD7E44B7CB8CCD7E5A2B3975A, 36E0E39646636F6E027691E5C3903C51479B3F707BDEA40F460FD27E357DA14E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:28:43.0214 0x00c4  nvvad_WaveExtensible - ok
16:28:43.0214 0x00c4  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:28:43.0214 0x00c4  nv_agp - ok
16:28:43.0292 0x00c4  [ 1300D100EF891C98504DE38624D3F639, 3F7D5A1BB725DC224E08EFC0D6A7F579FC78C64554BAF02D58A6624B91D6384E ] omniserv        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
16:28:43.0292 0x00c4  omniserv - ok
16:28:43.0308 0x00c4  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:43.0324 0x00c4  ose - ok
16:28:43.0355 0x00c4  [ 0A9DF4250B7FF98A7D6D3A499A0139C1, FD3FB7EA8C226AAA9B2370F2F43C3ACBD02A5110BAF937A84913065A4110AB3F ] OverwolfUpdaterService C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
16:28:43.0355 0x00c4  OverwolfUpdaterService - ok
16:28:43.0371 0x00c4  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:28:43.0386 0x00c4  p2pimsvc - ok
16:28:43.0402 0x00c4  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:28:43.0417 0x00c4  p2psvc - ok
16:28:43.0417 0x00c4  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
16:28:43.0417 0x00c4  Parport - ok
16:28:43.0433 0x00c4  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:28:43.0433 0x00c4  partmgr - ok
16:28:43.0464 0x00c4  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:28:43.0464 0x00c4  PcaSvc - ok
16:28:43.0480 0x00c4  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
16:28:43.0480 0x00c4  pci - ok
16:28:43.0496 0x00c4  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:28:43.0496 0x00c4  pciide - ok
16:28:43.0496 0x00c4  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:28:43.0496 0x00c4  pcmcia - ok
16:28:43.0511 0x00c4  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:28:43.0511 0x00c4  pcw - ok
16:28:43.0511 0x00c4  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\Windows\system32\drivers\pdc.sys
16:28:43.0511 0x00c4  pdc - ok
16:28:43.0558 0x00c4  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:28:43.0558 0x00c4  PEAUTH - ok
16:28:45.0444 0x00c4  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:28:45.0451 0x00c4  PerfHost - ok
16:28:45.0507 0x00c4  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\Windows\system32\pla.dll
16:28:45.0523 0x00c4  pla - ok
16:28:45.0539 0x00c4  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:28:45.0539 0x00c4  PlugPlay - ok
16:28:45.0539 0x00c4  PnkBstrA - ok
16:28:45.0554 0x00c4  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:28:45.0554 0x00c4  PNRPAutoReg - ok
16:28:45.0570 0x00c4  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:28:45.0570 0x00c4  PNRPsvc - ok
16:28:45.0585 0x00c4  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:28:45.0601 0x00c4  PolicyAgent - ok
16:28:45.0617 0x00c4  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\Windows\system32\umpo.dll
16:28:45.0617 0x00c4  Power - ok
16:28:45.0617 0x00c4  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:28:45.0617 0x00c4  PptpMiniport - ok
16:28:45.0804 0x00c4  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
16:28:45.0851 0x00c4  PrintNotify - ok
16:28:45.0867 0x00c4  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
16:28:45.0867 0x00c4  Processor - ok
16:28:45.0898 0x00c4  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:28:45.0905 0x00c4  ProfSvc - ok
16:28:45.0913 0x00c4  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:28:45.0916 0x00c4  Psched - ok
16:28:45.0930 0x00c4  [ E191D37BBA4BC9F57C8967D00DEFAD9B, 548072A2A730E3AA5243B2C794CB347A0535D7DFBFC0B4C807F426F6F7EB97A9 ] ptun0901        C:\Windows\system32\DRIVERS\ptun0901.sys
16:28:45.0931 0x00c4  ptun0901 - ok
16:28:45.0950 0x00c4  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\Windows\system32\qwave.dll
16:28:45.0950 0x00c4  QWAVE - ok
16:28:45.0950 0x00c4  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:28:45.0950 0x00c4  QWAVEdrv - ok
16:28:45.0966 0x00c4  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:28:45.0966 0x00c4  RasAcd - ok
16:28:45.0966 0x00c4  [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:45.0966 0x00c4  RasAgileVpn - ok
16:28:45.0982 0x00c4  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\Windows\System32\rasauto.dll
16:28:45.0982 0x00c4  RasAuto - ok
16:28:46.0013 0x00c4  [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:46.0013 0x00c4  Rasl2tp - ok
16:28:46.0044 0x00c4  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
16:28:46.0044 0x00c4  RasMan - ok
16:28:46.0060 0x00c4  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:46.0060 0x00c4  RasPppoe - ok
16:28:46.0075 0x00c4  [ 2B0F1677CDD08967005F34488559BC6F, FFF168EBD171C0B85A448AD1A04F66534E889AE1DC128F68EA3F35D5996C8D39 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:28:46.0075 0x00c4  RasSstp - ok
16:28:46.0151 0x00c4  [ 67EAD2898F681B4ECA6E385AA39C8539, BD3D46234DD4FB6232CFF073E75CA8E35E06B416D205DCD6564E30D7548ED6F6 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
16:28:46.0151 0x00c4  Razer Game Scanner Service - ok
16:28:46.0183 0x00c4  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:28:46.0198 0x00c4  rdbss - ok
16:28:46.0198 0x00c4  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:28:46.0198 0x00c4  rdpbus - ok
16:28:46.0214 0x00c4  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:28:46.0214 0x00c4  RDPDR - ok
16:28:46.0230 0x00c4  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:28:46.0230 0x00c4  RdpVideoMiniport - ok
16:28:46.0230 0x00c4  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:28:46.0245 0x00c4  rdyboost - ok
16:28:46.0276 0x00c4  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
16:28:46.0308 0x00c4  ReFS - ok
16:28:46.0339 0x00c4  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:28:46.0339 0x00c4  RemoteAccess - ok
16:28:46.0370 0x00c4  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:28:46.0370 0x00c4  RemoteRegistry - ok
16:28:46.0386 0x00c4  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
16:28:46.0386 0x00c4  RFCOMM - ok
16:28:46.0401 0x00c4  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
16:28:46.0401 0x00c4  rpcapd - ok
16:28:46.0423 0x00c4  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:28:46.0428 0x00c4  RpcEptMapper - ok
16:28:46.0437 0x00c4  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
16:28:46.0440 0x00c4  RpcLocator - ok
16:28:46.0473 0x00c4  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\Windows\system32\rpcss.dll
16:28:46.0488 0x00c4  RpcSs - ok
16:28:46.0504 0x00c4  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:28:46.0504 0x00c4  rspndr - ok
16:28:46.0566 0x00c4  [ DD250F87140A66F56C1CCED90FD5D6D9, E9DA7DAAFB226ACF7F062FF653945A6AB10F02E68FB77DB15404A5739BEC915F ] rtbth           C:\Windows\System32\drivers\rtbth.sys
16:28:46.0582 0x00c4  rtbth - ok
16:28:46.0613 0x00c4  [ B85642BE0761159B63CFFC137384E17F, ACB04AC581EE475543AEA3003E3643DC2A007C4D3F1831C120F1D07BDAFF2FA4 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:28:46.0613 0x00c4  RtkAudioService - ok
16:28:46.0660 0x00c4  [ CED833BA33C84E657C184D51B2E6AED9, C3F86AAF4AC3EB67CB2C9EAF019D9FE8777D2AA6DF00F21EAD8E6B6C19B4E4CF ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
16:28:46.0678 0x00c4  RTL8168 - ok
16:28:46.0705 0x00c4  [ 2926FBF7E054BDD5159AEABCA3EAE511, 41247B534F34A8E430266D73749140668C52519E139047186B0BC85373FC255A ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
16:28:46.0707 0x00c4  RTSPER - ok
16:28:46.0722 0x00c4  [ F17F84511E7DFDEEAB646F0699A006D7, 5237937841FBD1F99A5D6161DEBA26182DDAF617CA98946EE7DB0AB67FC149EA ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
16:28:46.0722 0x00c4  rzpmgrk - ok
16:28:46.0738 0x00c4  [ FEF60A37301E1F5A3020FA3487FB2CD7, 0C925468C3376458D0E1EC65E097BD1A81A03901035C0195E8F6EF904EF3F901 ] rzpnk           C:\Windows\system32\drivers\rzpnk.sys
16:28:46.0738 0x00c4  rzpnk - ok
16:28:46.0754 0x00c4  [ 6F59DE8AD8A6946D9133550BA481E6AD, CE4DE15872C0E9694793FC73710A4C6A163A335C2BD44FF2EFC3B553A465B40E ] RZSURROUNDVADService C:\Windows\system32\drivers\RzSurroundVAD.sys
16:28:46.0754 0x00c4  RZSURROUNDVADService - ok
16:28:46.0933 0x00c4  [ 4B4A98A85F40EDDB22F61D645FD9441B, 9A7692263B03C48A28AA6C1A881F1B0F5DE72ECF4BB18D080CADDDBBEC694069 ] RzSurroundVADStreamingService C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
16:28:47.0011 0x00c4  RzSurroundVADStreamingService - ok
16:28:47.0011 0x00c4  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
16:28:47.0011 0x00c4  s3cap - ok
16:28:47.0027 0x00c4  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\Windows\system32\lsass.exe
16:28:47.0027 0x00c4  SamSs - ok
16:28:47.0042 0x00c4  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:28:47.0042 0x00c4  sbp2port - ok
16:28:47.0058 0x00c4  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:28:47.0058 0x00c4  SCardSvr - ok
16:28:47.0089 0x00c4  [ 20AE08C7072DD0263651F7E6D60D0ACD, AF7981F5909B5B928F2D935E40C858E65F32C85433E0C9927557ADB29EFC98CC ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
16:28:47.0089 0x00c4  SCDEmu - ok
16:28:47.0089 0x00c4  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
16:28:47.0105 0x00c4  ScDeviceEnum - ok
16:28:47.0124 0x00c4  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:28:47.0126 0x00c4  scfilter - ok
16:28:47.0172 0x00c4  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
16:28:47.0187 0x00c4  Schedule - ok
16:28:47.0207 0x00c4  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:28:47.0211 0x00c4  SCPolicySvc - ok
16:28:47.0224 0x00c4  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
16:28:47.0229 0x00c4  sdbus - ok
16:28:47.0237 0x00c4  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:28:47.0239 0x00c4  sdstor - ok
16:28:47.0241 0x00c4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:28:47.0241 0x00c4  secdrv - ok
16:28:47.0241 0x00c4  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
16:28:47.0241 0x00c4  seclogon - ok
16:28:47.0272 0x00c4  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
16:28:47.0284 0x00c4  SENS - ok
16:28:47.0305 0x00c4  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:28:47.0307 0x00c4  SensrSvc - ok
16:28:47.0322 0x00c4  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
16:28:47.0322 0x00c4  SerCx - ok
16:28:47.0322 0x00c4  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
16:28:47.0338 0x00c4  SerCx2 - ok
16:28:47.0338 0x00c4  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
16:28:47.0338 0x00c4  Serenum - ok
16:28:47.0338 0x00c4  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
16:28:47.0338 0x00c4  Serial - ok
16:28:47.0353 0x00c4  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:28:47.0353 0x00c4  sermouse - ok
16:28:47.0369 0x00c4  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:28:47.0369 0x00c4  SessionEnv - ok
16:28:47.0385 0x00c4  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
16:28:47.0385 0x00c4  sfloppy - ok
16:28:47.0432 0x00c4  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:28:47.0432 0x00c4  SharedAccess - ok
16:28:47.0478 0x00c4  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:28:47.0506 0x00c4  ShellHWDetection - ok
16:28:47.0524 0x00c4  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:28:47.0525 0x00c4  SiSRaid2 - ok
16:28:47.0539 0x00c4  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:28:47.0540 0x00c4  SiSRaid4 - ok
16:28:47.0556 0x00c4  [ E6035ADBA3F13ACF1BEDA7B5D50FDBBB, A840D072395F2394E3B55A080F8F17CC3A02E8BCAFE8B8EC0374ECA1EFF05C23 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:28:47.0556 0x00c4  SkypeUpdate - ok
16:28:47.0577 0x00c4  [ 0224CD52A27E06F80A91621A633D64ED, F15C16F6851F79648E142B79F63B447EF387EF7C9A075BD2A7AAED626BFFB656 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
16:28:47.0578 0x00c4  SmbDrv - ok
16:28:47.0595 0x00c4  [ 5A474BBF8689F73BD28AD224A4BD0102, 20FDEAE8EF71B6503BDF13035CF5A2C11B19347B54D684F6399DDBBC83413593 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
16:28:47.0597 0x00c4  SmbDrvI - ok
16:28:47.0607 0x00c4  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\Windows\System32\smphost.dll
16:28:47.0622 0x00c4  smphost - ok
16:28:47.0622 0x00c4  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:28:47.0622 0x00c4  SNMPTRAP - ok
16:28:47.0652 0x00c4  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
16:28:47.0659 0x00c4  spaceport - ok
16:28:47.0673 0x00c4  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
16:28:47.0673 0x00c4  SpbCx - ok
16:28:47.0717 0x00c4  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler         C:\Windows\System32\spoolsv.exe
16:28:47.0736 0x00c4  Spooler - ok
16:28:47.0917 0x00c4  [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:28:48.0026 0x00c4  sppsvc - ok
16:28:48.0042 0x00c4  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:28:48.0058 0x00c4  srv - ok
16:28:48.0089 0x00c4  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:28:48.0105 0x00c4  srv2 - ok
16:28:48.0105 0x00c4  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:28:48.0120 0x00c4  srvnet - ok
16:28:48.0151 0x00c4  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:28:48.0167 0x00c4  SSDPSRV - ok
16:28:48.0180 0x00c4  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:28:48.0185 0x00c4  SstpSvc - ok
16:28:48.0194 0x00c4  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
16:28:48.0198 0x00c4  ssudmdm - ok
16:28:48.0223 0x00c4  [ 5852D5FADD589643B6C1B5BE9D257A50, 38DC6CEB0AA6AF4FD046A9CF7571E345E52D30471E248E2B99FC6D5622257145 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:28:48.0238 0x00c4  Steam Client Service - ok
16:28:48.0266 0x00c4  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:28:48.0267 0x00c4  stexstor - ok
16:28:48.0288 0x00c4  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
16:28:48.0302 0x00c4  stisvc - ok
16:28:48.0323 0x00c4  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:28:48.0323 0x00c4  storahci - ok
16:28:48.0339 0x00c4  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:28:48.0339 0x00c4  storflt - ok
16:28:48.0355 0x00c4  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
16:28:48.0355 0x00c4  stornvme - ok
16:28:48.0370 0x00c4  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\Windows\system32\storsvc.dll
16:28:48.0370 0x00c4  StorSvc - ok
16:28:48.0370 0x00c4  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:28:48.0386 0x00c4  storvsc - ok
16:28:48.0386 0x00c4  [ 7EED09094BFED0487D8263742DA28296, 9D9F3680DE34F43E7CB42AA1A89B820ADBE29CDD9302240B38AC3CBF4B47A361 ] Survarium Update Service C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe
16:28:48.0386 0x00c4  Survarium Update Service - ok
16:28:48.0386 0x00c4  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\Windows\system32\svsvc.dll
16:28:48.0401 0x00c4  svsvc - ok
16:28:48.0417 0x00c4  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
16:28:48.0417 0x00c4  swenum - ok
16:28:48.0433 0x00c4  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\Windows\System32\swprv.dll
16:28:48.0448 0x00c4  swprv - ok
16:28:48.0464 0x00c4  [ CDA92383EFB52846B7894280A559C330, 8ACE4212AD4ABD29B06950F8CABBDF1B4813A311FAE3C0A999E60E711FD236CC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:28:48.0479 0x00c4  SynTP - ok
16:28:48.0708 0x00c4  [ EE9F01B61899A4576AC09EE7DD200A34, 6990E332CD11ABBB535535EC9079D87BBD4D0BE37119EBC5878A7320F2689F64 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
16:28:48.0800 0x00c4  SynTPEnhService - ok
16:28:48.0867 0x00c4  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\Windows\system32\sysmain.dll
16:28:48.0892 0x00c4  SysMain - ok
16:28:48.0903 0x00c4  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
16:28:48.0907 0x00c4  SystemEventsBroker - ok
16:28:48.0907 0x00c4  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
16:28:48.0922 0x00c4  TabletInputService - ok
16:28:48.0922 0x00c4  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:28:48.0922 0x00c4  tap0901 - ok
16:28:48.0969 0x00c4  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:28:48.0996 0x00c4  TapiSrv - ok
16:28:49.0071 0x00c4  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:28:49.0112 0x00c4  Tcpip - ok
16:28:49.0167 0x00c4  [ 3C2DF97A21A9BBE6355B0A51F288EFFF, 47BBE47CFE2379B072AEEC360C4F207059BED9AD18C55FDF2AC0DA9CAD837BFB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:28:49.0205 0x00c4  TCPIP6 - ok
16:28:49.0237 0x00c4  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:28:49.0237 0x00c4  tcpipreg - ok
16:28:49.0268 0x00c4  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:28:49.0268 0x00c4  tdx - ok
16:28:49.0443 0x00c4  [ CC907C2FB839D3F92690A25FF8E463BE, 3CEE9BEA1ACB1086389AA4817D996431716EFEB4432EC4D59EEF1BA710C15B8C ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
16:28:49.0521 0x00c4  TeamViewer9 - ok
16:28:49.0543 0x00c4  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
16:28:49.0545 0x00c4  terminpt - ok
16:28:49.0557 0x00c4  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\Windows\System32\termsrv.dll
16:28:49.0588 0x00c4  TermService - ok
16:28:49.0604 0x00c4  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
16:28:49.0619 0x00c4  Themes - ok
16:28:49.0635 0x00c4  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:28:49.0635 0x00c4  THREADORDER - ok
16:28:49.0635 0x00c4  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
16:28:49.0651 0x00c4  TimeBroker - ok
16:28:49.0651 0x00c4  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
16:28:49.0666 0x00c4  TPM - ok
16:28:49.0666 0x00c4  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
16:28:49.0683 0x00c4  TrkWks - ok
16:28:49.0721 0x00c4  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:28:49.0726 0x00c4  TrustedInstaller - ok
16:28:49.0754 0x00c4  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:28:49.0756 0x00c4  TsUsbFlt - ok
16:28:49.0762 0x00c4  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
16:28:49.0763 0x00c4  TsUsbGD - ok
16:28:49.0770 0x00c4  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:28:49.0773 0x00c4  tunnel - ok
16:28:49.0774 0x00c4  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:28:49.0774 0x00c4  uagp35 - ok
16:28:49.0811 0x00c4  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
16:28:49.0813 0x00c4  UASPStor - ok
16:28:49.0835 0x20f0  Object required for P2P: [ 92547C9A6C5E9A3BEC689486C4885C4B ] ClickToRunSvc
16:28:49.0835 0x00c4  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
16:28:49.0841 0x00c4  UCX01000 - ok
16:28:49.0854 0x00c4  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:28:49.0860 0x00c4  udfs - ok
16:28:49.0875 0x00c4  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
16:28:49.0875 0x00c4  UEFI - ok
16:28:49.0879 0x00c4  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:28:49.0879 0x00c4  UI0Detect - ok
16:28:49.0879 0x00c4  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:28:49.0895 0x00c4  uliagpkx - ok
16:28:49.0900 0x00c4  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
16:28:49.0902 0x00c4  umbus - ok
16:28:49.0904 0x00c4  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
16:28:49.0904 0x00c4  UmPass - ok
16:28:49.0920 0x00c4  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:28:49.0920 0x00c4  UmRdpService - ok
16:28:49.0951 0x00c4  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
16:28:49.0951 0x00c4  upnphost - ok
16:28:49.0967 0x00c4  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\System32\Drivers\usbaapl64.sys
16:28:49.0967 0x00c4  USBAAPL64 - ok
16:28:49.0982 0x00c4  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
16:28:49.0982 0x00c4  usbccgp - ok
16:28:50.0014 0x00c4  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
16:28:50.0014 0x00c4  usbcir - ok
16:28:50.0029 0x00c4  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
16:28:50.0029 0x00c4  usbehci - ok
16:28:50.0061 0x00c4  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:28:50.0061 0x00c4  usbhub - ok
16:28:50.0092 0x00c4  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
16:28:50.0092 0x00c4  USBHUB3 - ok
16:28:50.0107 0x00c4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
16:28:50.0107 0x00c4  usbohci - ok
16:28:50.0123 0x00c4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:28:50.0123 0x00c4  usbprint - ok
16:28:50.0139 0x00c4  [ F04D164C4168701A4E7835607722E5F1, 6F743CF2CF73945B4A4B1C4402744BC2FE1624F1346C194493AD2F7110F9EB35 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:28:50.0139 0x00c4  usbscan - ok
16:28:50.0154 0x00c4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
16:28:50.0154 0x00c4  USBSTOR - ok
16:28:50.0170 0x00c4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
16:28:50.0170 0x00c4  usbuhci - ok
16:28:50.0186 0x00c4  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:28:50.0186 0x00c4  usbvideo - ok
16:28:50.0201 0x00c4  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
16:28:50.0201 0x00c4  USBXHCI - ok
16:28:50.0217 0x00c4  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:28:50.0217 0x00c4  VaultSvc - ok
16:28:50.0217 0x00c4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:28:50.0217 0x00c4  vdrvroot - ok
16:28:50.0248 0x00c4  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\Windows\System32\vds.exe
16:28:50.0279 0x00c4  vds - ok
16:28:50.0279 0x00c4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
16:28:50.0279 0x00c4  VerifierExt - ok
16:28:50.0326 0x00c4  [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
16:28:50.0342 0x00c4  vhdmp - ok
16:28:50.0357 0x00c4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:28:50.0357 0x00c4  viaide - ok
16:28:50.0357 0x00c4  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:28:50.0373 0x00c4  vmbus - ok
16:28:50.0373 0x00c4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:28:50.0373 0x00c4  VMBusHID - ok
16:28:50.0406 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
16:28:50.0416 0x00c4  vmicguestinterface - ok
16:28:50.0424 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
16:28:50.0424 0x00c4  vmicheartbeat - ok
16:28:50.0439 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:28:50.0455 0x00c4  vmickvpexchange - ok
16:28:50.0471 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\Windows\System32\ICSvc.dll
16:28:50.0471 0x00c4  vmicrdv - ok
16:28:50.0486 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:28:50.0502 0x00c4  vmicshutdown - ok
16:28:50.0502 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:28:50.0518 0x00c4  vmictimesync - ok
16:28:50.0539 0x00c4  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\Windows\System32\ICSvc.dll
16:28:50.0545 0x00c4  vmicvss - ok
16:28:50.0561 0x00c4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:28:50.0561 0x00c4  volmgr - ok
16:28:50.0576 0x00c4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:28:50.0576 0x00c4  volmgrx - ok
16:28:50.0592 0x00c4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:28:50.0592 0x00c4  volsnap - ok
16:28:50.0607 0x00c4  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
16:28:50.0607 0x00c4  vpci - ok
16:28:50.0623 0x00c4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:28:50.0623 0x00c4  vsmraid - ok
16:28:50.0670 0x00c4  [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS             C:\Windows\system32\vssvc.exe
16:28:50.0701 0x00c4  VSS - ok
16:28:50.0748 0x00c4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:28:50.0748 0x00c4  VSTXRAID - ok
16:28:50.0764 0x00c4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:28:50.0764 0x00c4  vwifibus - ok
16:28:50.0779 0x00c4  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:28:50.0779 0x00c4  vwififlt - ok
16:28:50.0779 0x00c4  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:28:50.0779 0x00c4  vwifimp - ok
16:28:50.0811 0x00c4  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\Windows\system32\w32time.dll
16:28:50.0829 0x00c4  W32Time - ok
16:28:50.0846 0x00c4  [ A22546B0093EBBDE03C52E56C3391373, 0C28D5C6A4E4EF12ABF0195409CAED17E07DEA22FB330D99FEEF847CBBC04A4E ] w3logsvc        C:\Windows\system32\inetsrv\w3logsvc.dll
16:28:50.0848 0x00c4  w3logsvc - ok
16:28:50.0867 0x00c4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:28:50.0867 0x00c4  WacomPen - ok
16:28:50.0867 0x00c4  [ B41F3E5780D97CFD44A717153AD9CF2C, 6133104D9E5BCFDCDF55E3C52AA701766102A8F86D3F2667BBBF7168E3B3E2AB ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:28:50.0867 0x00c4  Wanarp - ok
16:28:50.0867 0x00c4  [ B41F3E5780D97CFD44A717153AD9CF2C, 6133104D9E5BCFDCDF55E3C52AA701766102A8F86D3F2667BBBF7168E3B3E2AB ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:28:50.0883 0x00c4  Wanarpv6 - ok
16:28:50.0899 0x00c4  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
16:28:50.0919 0x00c4  WAS - ok
16:28:50.0955 0x00c4  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
16:28:50.0986 0x00c4  wbengine - ok
16:28:51.0002 0x00c4  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:28:51.0017 0x00c4  WbioSrvc - ok
16:28:51.0033 0x00c4  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:28:51.0054 0x00c4  Wcmsvc - ok
16:28:51.0070 0x00c4  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:28:51.0081 0x00c4  wcncsvc - ok
16:28:51.0099 0x00c4  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:28:51.0103 0x00c4  WcsPlugInService - ok
16:28:51.0106 0x00c4  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
16:28:51.0106 0x00c4  WdBoot - ok
16:28:51.0137 0x00c4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:28:51.0137 0x00c4  Wdf01000 - ok
16:28:51.0153 0x00c4  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
16:28:51.0153 0x00c4  WdFilter - ok
16:28:51.0168 0x00c4  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:28:51.0168 0x00c4  WdiServiceHost - ok
16:28:51.0168 0x00c4  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:28:51.0184 0x00c4  WdiSystemHost - ok
16:28:51.0184 0x00c4  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
16:28:51.0184 0x00c4  WdNisDrv - ok
16:28:51.0200 0x00c4  WdNisSvc - ok
16:28:51.0215 0x00c4  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\Windows\System32\webclnt.dll
16:28:51.0215 0x00c4  WebClient - ok
16:28:51.0231 0x00c4  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:28:51.0231 0x00c4  Wecsvc - ok
16:28:51.0247 0x00c4  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
16:28:51.0247 0x00c4  WEPHOSTSVC - ok
16:28:51.0262 0x00c4  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:28:51.0262 0x00c4  wercplsupport - ok
16:28:51.0262 0x00c4  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:28:51.0278 0x00c4  WerSvc - ok
16:28:51.0278 0x00c4  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
16:28:51.0278 0x00c4  WFPLWFS - ok
16:28:51.0293 0x00c4  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
16:28:51.0293 0x00c4  WiaRpc - ok
16:28:51.0293 0x00c4  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:28:51.0293 0x00c4  WIMMount - ok
16:28:51.0309 0x00c4  WinDefend - ok
16:28:51.0356 0x00c4  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
16:28:51.0387 0x00c4  WinHttpAutoProxySvc - ok
16:28:51.0629 0x00c4  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:28:51.0645 0x00c4  Winmgmt - ok
16:28:51.0723 0x00c4  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:28:51.0770 0x00c4  WinRM - ok
16:28:51.0785 0x00c4  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\Windows\System32\drivers\WinUsb.sys
16:28:51.0785 0x00c4  WinUsb - ok
16:28:51.0785 0x00c4  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\Windows\System32\drivers\WirelessButtonDriver64.sys
16:28:51.0801 0x00c4  WirelessButtonDriver - ok
16:28:51.0832 0x00c4  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\Windows\System32\wlansvc.dll
16:28:51.0863 0x00c4  WlanSvc - ok
16:28:51.0919 0x00c4  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
16:28:51.0934 0x00c4  wlidsvc - ok
16:28:51.0950 0x00c4  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
16:28:51.0950 0x00c4  WmiAcpi - ok
16:28:51.0982 0x00c4  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:28:51.0994 0x00c4  wmiApSrv - ok
16:28:52.0006 0x00c4  WMPNetworkSvc - ok
16:28:52.0021 0x00c4  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
16:28:52.0021 0x00c4  Wof - ok
16:28:52.0092 0x00c4  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
16:28:52.0127 0x00c4  workfolderssvc - ok
16:28:52.0152 0x00c4  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
16:28:52.0154 0x00c4  wpcfltr - ok
16:28:52.0160 0x00c4  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:28:52.0164 0x00c4  WPCSvc - ok
16:28:52.0172 0x00c4  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:28:52.0179 0x00c4  WPDBusEnum - ok
16:28:52.0194 0x00c4  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
16:28:52.0195 0x00c4  WpdUpFltr - ok
16:28:52.0205 0x00c4  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:28:52.0207 0x00c4  ws2ifsl - ok
16:28:52.0227 0x00c4  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:28:52.0233 0x00c4  wscsvc - ok
16:28:52.0237 0x00c4  WSearch - ok
16:28:52.0314 0x20f0  Object send P2P result: true
16:28:52.0323 0x00c4  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\Windows\System32\WSService.dll
16:28:52.0339 0x20f0  Object required for P2P: [ 45F83C99EDF3253D047F692A42C1A51A ] nvlddmkm
16:28:52.0401 0x00c4  WSService - ok
16:28:52.0560 0x00c4  [ E000163D322E5BD8E5165C1475A9F9B6, DE60F03B1EE91B658854B4C2FD30E5FBD26E4016EF68964FFC748AEF74A9EE7A ] wuauserv        C:\Windows\system32\wuaueng.dll
16:28:52.0625 0x00c4  wuauserv - ok
16:28:52.0645 0x00c4  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:28:52.0660 0x00c4  WudfPf - ok
16:28:52.0660 0x00c4  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
16:28:52.0660 0x00c4  WUDFRd - ok
16:28:52.0676 0x00c4  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\System32\drivers\WUDFRd.sys
16:28:52.0676 0x00c4  WUDFSensorLP - ok
16:28:52.0692 0x00c4  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:28:52.0707 0x00c4  wudfsvc - ok
16:28:52.0707 0x00c4  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\Windows\System32\drivers\WUDFRd.sys
16:28:52.0707 0x00c4  WUDFWpdFs - ok
16:28:52.0723 0x00c4  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\Windows\System32\drivers\WUDFRd.sys
16:28:52.0723 0x00c4  WUDFWpdMtp - ok
16:28:52.0754 0x00c4  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:28:52.0754 0x00c4  WwanSvc - ok
16:28:52.0770 0x00c4  ================ Scan global ===============================
16:28:52.0832 0x00c4  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
16:28:52.0864 0x00c4  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
16:28:52.0910 0x00c4  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
16:28:52.0957 0x00c4  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
16:28:52.0957 0x00c4  [ Global ] - ok
16:28:52.0957 0x00c4  ================ Scan MBR ==================================
16:28:52.0973 0x00c4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:28:52.0989 0x00c4  \Device\Harddisk0\DR0 - ok
16:28:52.0989 0x00c4  ================ Scan VBR ==================================
16:28:52.0989 0x00c4  [ 8726E36EC97CF615FEBEFE0AC63FFC05 ] \Device\Harddisk0\DR0\Partition1
16:28:53.0020 0x00c4  \Device\Harddisk0\DR0\Partition1 - ok
16:28:53.0045 0x00c4  [ B47A36F0286419AE2F286ED5B70423D3 ] \Device\Harddisk0\DR0\Partition2
16:28:53.0064 0x00c4  \Device\Harddisk0\DR0\Partition2 - ok
16:28:53.0073 0x00c4  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
16:28:53.0073 0x00c4  \Device\Harddisk0\DR0\Partition3 - ok
16:28:53.0089 0x00c4  [ 57980CAC0B81B986E5D3753DCCD14495 ] \Device\Harddisk0\DR0\Partition4
16:28:53.0105 0x00c4  \Device\Harddisk0\DR0\Partition4 - ok
16:28:53.0120 0x00c4  [ E178BAC6E08D1A992B8FD5C4800F2914 ] \Device\Harddisk0\DR0\Partition5
16:28:53.0136 0x00c4  \Device\Harddisk0\DR0\Partition5 - ok
16:29:07.0679 0x00c4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
16:29:07.0679 0x00c4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
16:29:07.0679 0x00c4  Win FW state via NFP2: enabled ( trusted )
16:29:10.0071 0x00c4  ============================================================
16:29:10.0071 0x00c4  Scan finished
16:29:10.0071 0x00c4  ============================================================
16:29:10.0086 0x26ec  Detected object count: 0
16:29:10.0086 0x26ec  Actual detected object count: 0
 
END OF LOG FILE FROM TDSSKILLER (This wasn't part of it!).
 
Log file of aswMBR.exe:
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-12-04 16:43:21
-----------------------------
16:43:21.192    OS Version: Windows x64 6.2.9200 
16:43:21.192    Number of processors: 4 586 0x4501
16:43:21.192    ComputerName: HSUKANG  UserName: 
16:43:33.445    Initialize success
16:43:33.445    VM: initialized successfully
16:43:33.461    VM: Intel CPU BiosDisabled 
16:43:35.215    AVAST engine defs: 15120402
16:43:39.330    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
16:43:39.330    Disk 0 Vendor: ST1000LM014-1EJ164 HPM2 Size: 953869MB BusType: 8
16:43:39.548    Disk 0 MBR read successfully
16:43:39.564    Disk 0 MBR scan
16:43:39.564    Disk 0 unknown MBR code
16:43:39.580    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
16:43:39.595    Disk 0 scanning C:\Windows\system32\drivers
16:43:44.872    Service scanning
16:43:56.153    Modules scanning
16:43:56.161    Disk 0 trace - called modules:
16:43:56.177    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
16:43:56.177    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001a0355060]
16:43:56.193    3 CLASSPNP.SYS[fffff8012d58f27b] -> nt!IofCallDriver -> [0xffffe001a0356960]
16:43:56.193    5 hpdskflt.sys[fffff8012d9f042b] -> nt!IofCallDriver -> [0xffffe0019e5b8cf0]
16:43:56.193    7 ACPI.sys[fffff8012ca2e7aa] -> nt!IofCallDriver -> \Device\0000002f[0xffffe0019e5b7060]
16:44:07.096    AVAST engine scan C:\Windows
16:44:22.286    AVAST engine scan C:\Windows\system32
16:49:06.642    AVAST engine scan C:\Windows\system32\drivers
16:49:29.847    AVAST engine scan C:\Users\Gebruiker
17:12:18.231    AVAST engine scan C:\ProgramData
17:16:09.123    Disk 0 statistics 4954901/0/0 @ 1,84 MB/s
17:16:09.139    Scan finished successfully
17:16:22.073    Disk 0 MBR has been saved successfully to "C:\Users\Gebruiker\Desktop\MBR.dat"
17:16:22.089    The log file has been saved successfully to "C:\Users\Gebruiker\Desktop\aswMBR.txt"
 
 

Attached Files

  • Attached File  MBR.zip   144bytes   0 downloads


#8 nasdaq

Posted 05 December 2015 - 07:46 AM

Boot sector is OK.

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Do a Quick Scan


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

#9 btoasty

Posted 05 December 2015 - 09:34 AM

Hello,

 

I did what you asked and attached the file.


#10 nasdaq

Posted 05 December 2015 - 11:59 AM

The only suspicious file is the file in bold.

C:\Users\Gebruiker\Downloads\iExplore.exe

Are you running the Internet explorer from the Downloads folder?

This browser is normally run in one of these default folders.
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

Remove the file in the Download folder if you have the proper one in the Default folder.

Restart the computer and let me know if the problem persists.
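
The path check described in the post above (a well-known binary name sitting outside its default folders), as an added Python example that is not part of the original post or of any tool used in this thread. The iexplore.exe folders are the two named in the post; the svchost.exe folders and all sample lines except the Downloads path and the Run entry are assumptions constructed for the example.

```python
import ntpath
import re

# Expected install directories per binary name, lower-cased for comparison.
# iexplore.exe: the two default folders named in the post.
# svchost.exe: assumption added for this example (standard Windows locations).
EXPECTED_DIRS = {
    "iexplore.exe": {
        r"c:\program files\internet explorer",
        r"c:\program files (x86)\internet explorer",
    },
    "svchost.exe": {
        r"c:\windows\system32",
        r"c:\windows\syswow64",
    },
}

# First drive-letter path ending in .exe, with or without surrounding quotes.
EXE_PATH = re.compile(r'([A-Za-z]:[\\/][^"<>|\r\n]*?\.exe)', re.IGNORECASE)


def find_misplaced(line):
    """Return (file_name, directory) when the line names a known binary
    outside its expected directory, otherwise None."""
    match = EXE_PATH.search(line)
    if not match:
        return None
    # normpath collapses ".." and turns "/" into "\", so a path such as
    # C:\Windows\System32\..\Temp\svchost.exe is resolved before comparing.
    path = ntpath.normpath(match.group(1))
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is None or directory.lower() in expected:
        return None
    return (name, directory)


def scan(lines):
    """Run find_misplaced over log or autorun lines and keep only the hits."""
    return [hit for hit in map(find_misplaced, lines) if hit]


# Constructed sample input; the first and last entries are quoted from the thread.
SAMPLE_LINES = [
    r"C:\Users\Gebruiker\Downloads\iExplore.exe",
    r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
    r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome',
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"C:\Windows\System32\..\Temp\svchost.exe",
    r'HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto',
]

if __name__ == "__main__":
    for name, directory in scan(SAMPLE_LINES):
        print(f"{name} found in unexpected directory: {directory}")
```

A hit only means that the file name and its location disagree; confirm the file's signature or hash before removing it.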

#11 btoasty

Posted 05 December 2015 - 01:52 PM

Hello,

 

I got that iExplore.exe from a download from here: https://malwaretips.com/blogs/malware-removal-guide-for-windows/ 

It's at STEP 2, it says it renamed the RKILL.exe in order to trick my AV into letting it run or something.

 

I'm not running Internet Explorer from the download folder either (if I use it at all, my main browser is Google Chrome).

I have deleted it and will reboot now. I'll edit this post after reboot to see if it worked.

 

It still starts up rather slowly. What I noticed as well is that instead of showing my usual picture before logging in (I'm using Windows 8.1) it shows another picture that I never used. Waiting a bit makes it load my normal picture, and when I try to continue without it turning into my normal picture it says: Please wait a moment.


Edited by btoasty, 05 December 2015 - 02:01 PM.


#12 nasdaq

Posted 06 December 2015 - 07:30 AM


This is the only reference to IObit programs on your computer and is being started at RUN time.

Let's remove it.


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CloseProcesses:

HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located on the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
========

Any improvement?

#13 btoasty

Posted 06 December 2015 - 08:10 AM

Hello,

 

I've done what you said and I'll be restarting now. Will edit my post when it's done with results.

EDIT: I've done the restart but it's still pretty slow, I'm sorry if I'm taking a lot of your time with this.

 

Here's the fixlog:

 

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:05-12-2015
Gestart door Gebruiker (2015-12-06 14:03:41) Run:2
Gestart vanaf C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Boot Modus: Normal
==============================================
 
fixlist inhoud:
*****************
start
 
CloseProcesses:
 
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
 
End
*****************
 
Proces succesvol afgesloten.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => waarde is succesvol verwijderd.
 
 
Het systeem moest herstart worden.
 
==== Eind van Fixlog 14:03:42 ====

Edited by btoasty, 06 December 2015 - 08:21 AM.


#14 nasdaq

Posted 06 December 2015 - 09:18 AM


Try this.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#15 btoasty

Posted 06 December 2015 - 02:31 PM

Hello,

 

Am I to compare boot-time in clean boot and boot-time in normal boot? Or do I have to check what's causing the longer boot-time?

Thanks for having the patience with me.





